FOR Andrew Stern, director, F5 Networks
The need for “just a firewall” certainly has gone as the threat to both application and network security is much more complex. With the rise of web services and outsourcing, more IT systems will need to interact with disparate groups, technologies and infrastructures. In this environment, a firewall simply provides access to the network, but it is not able to determine if an attempted instruction to an application or network-attached device is in breach of security policy, legal contract or business process. From a security standpoint, having separate layers of point products such as a firewall, application traffic management, reverse proxy and IDS can potentially leave unforeseen gaps in a secure system. I believe that a unified approach, where secure access is managed on a single appliance, provides both improved performance and security while significantly reducing management overhead. The debate needs to move on to the next level and accept that a firewall is a component of a secure system, but in isolation is not enough to secure networks and applications.
AGAINST Olaf Siemens, CEO, Innominate
The good old firewall is anything but dead. The definition of who is allowed to communicate with whom over which protocol is the foundation of all security strategies, and that’s exactly what firewalls are for, as well as playing a vital role in fighting DoS attacks. But the firewall has to be carefully extended. Firewalls should be deployed to secure the endpoints of a network and they have to be managed more intelligently. Deploying inexpensive but powerful firewalls to each server in an organization would be a big step to increase the overall security. Slammer’s effect would have been less severe had there been more well-configured firewalls to protect important servers. Also, firewalls deployed to the end-point of your network can provide a means of containment and prevent infections from spreading to your network. Firewalls are an important line of defense when the OS is the weakness. Finally, firewalls should operate under the control of a tight security policy management system, rather than being hand-coded one by one. With these measures, firewalls will enjoy a very long life.