InfoWorld - Security Adviser: The firestorm over firewalls

/Home/Internet Security: Blogs/Internet Security: InfoWorld blog/InfoWorld: Security Adviser 2012

Two days ago I declared that it was time to deep-six the firewall; the rebuttals were fast and furious. Here's my response

By Roger A. Grimes
MAY 17, 2012

I love offering opinions that generate comment after comment about how dumb I am, as my post "Why you don't need a firewall" has achieved. Little do these detractors know that my family and classmates said much meaner things as I was growing up, so it's like water sliding off a duck's back. I appreciate most of the comments -- because many were valid.

Some commenters, for example, guessed that I might have been exaggerating the tone of the article for effect. Mea culpa!

But I stand by my main point, which is that firewalls have significantly less value today than they did years ago. Many readers focused on one point: that misconfigured and mismanaged firewalls are worse than useless. That's true. But my main argument, that most of today's successful threats don't care about firewalls, is much more relevant. Firewalls are victims of their own success: They forced attackers to move up the stack and pick outgoing ports that are always open (ports 80 and 443).

Click the URL above to read the full article