The Internet Firewall: R.I.P.?

Discussion in 'other firewalls' started by ronjor, Sep 13, 2007.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
    Article
     
  2. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    The article does seem to focus more on enterprise firewalls (providing connection filtering for corporate networks) rather than personal firewalls. Indeed, personal firewalls arguably become more important for companies whose workers connect from outside the corporate intranet.

    This does make sense when you consider the increasing use of stealth in malware. It is hard enough for a resident personal firewall to detect the latest trojans using rootkit techniques - for a corporate firewall that can only see IP addresses and port numbers it would be next to impossible.
     
  3. herbalist

    herbalist Guest

    From the article:
    Unless I'm missing something, this doesn't quite make sense. I'm assuming he means sandboxed or virtual operating systems for the user terminals, with the virtual systems networked instead of the actual physical systems? That would be a pretty good defense against rootkit based malware, but less effective against more conventional malware running on the virtual system itself. If the virtual systems are handling the data, they'll need virtual security packages to prevent trojans from harvesting passwords and voiding the encryption. If the virtualization system itself was ever compromized, such a setup would be horribly vulnerable.

    I also find it very questionable not protecting their data with some form of firewall and relying strictly on encryption to secure it. Encryption might stop someone from accessing it but wouldn't stop someone from corrupting or deleting it.

    Another thing that would concern me about allowing access to the encrypted data is the huge botnets now in existence. If the criminal organizations controlling them ever harness their combined power to attack encryption, a lot of it will fail. The odds of brute force attacks succeeding are much higher with that kind of power behind them.
    Rick
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    A 90 degree swing and reason for a new book?
    ____________________

    Do we really need a firewall (R.I.P.),.. ask me after full implimentation of IPV6.
     
  5. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Yes, I said in another thread recently that I believe the days of stand alone software personal Firewalls is numbered. I believe it will be add on to a suite of other security products only. We are pretty much there now. Little advertising dollars will be spent touting the firewall. No long top draw in security. It very well may fade away but not for awhile yet. :doubt: As Paranoid said large networks yes, but single PC....
     
  6. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    You have something. Just look at the available products for Vista. Mostly suites but very few stand alone firewalls. Meanwhile even the XP selection of stand alone firewalls shrinks as the firewall authors are bought up to incorporate their technologies in suites.
     
  7. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    This is interesting. Since I have been a suite :)P ) person for the past few years and I haven't noticed this.

    I don't know how many stand-alone FW companies were absorbed by bigger security companies (such as the acquisition of Sygate by Symantec) but this is also a factor.

    Even Symantec does not offer a stand-alone firewall anymore for the home user (they do offer businesses Symantec Sygate Enterprise Protection).
     
  8. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    That is more likely due to the significant changes in networking under Vista (a completely new network subsystem, with IPv6 support) which in turn requires major changes to most firewalls.

    As for stand-alone firewalls, they are very much a requirement but due to more sophisticated malware (and leaktest techniques) most are morphing into more general "process/network control" packages, covering areas like interprocess communication and privileged system access. The challenge here is providing such features in a way that doesn't overwhelm the average (or advanced!) user.
     
Loading...
Thread Status:
Not open for further replies.