NEW YORK -- Life behind the network firewall sometimes feels like life behind bars when it comes to today’s collaborative e-commerce, which requires the opening of corporate networks to business partners.
The Jericho Forum, the organization out to convince corporate executives and the security industry that they need to devise security options less dependent on a perimeter defense such as traditional firewalls, displayed its growing clout this week in a conference that attracted top design architects from Microsoft and Oracle and large end-user companies.
The idea of a firewall-less edge is a contentious one, and scores of enterprises, including Citigroup and JPMorganChase, showed up to hear debate on the firewall as necessity or hindrance. Bill Cheswick, lead member of technical staff at AT&T Research and famed as an early innovator of firewalls, kicked it all off with a keynote in which he acknowledged it is possible at times to go “Internet skinny-dipping,” using the Internet securely without a firewall and even antivirus defense.
“Can we use the Internet in a rich way, safely, without a perimeter defense?” Cheswick posed to the conference attendees. The dangers of “people poking my software” are going to be there, he pointed out, and “you’re giving up a layer of security.”
But it is possible to plunge into the Internet without perimeter defense. “I’ve been skinny-dipping without antivirus software. It’s refreshing. Has skinny-dipping worked for me? It’s worked fine for me,” Cheswick said. However, placing “sandbox defenses” around services is key in his own experience. For businesses today, the limitation in forgoing perimeter defense is that “you won’t stop a DDoS attack, so we may still need a walled garden,” he noted.
Cheswick said one of the best possibilities offered for the future of security is in the realm of virtualization software. “Virtualization lets me build a machine with a very robust sandbox,” he said.
Carl Ellison, Microsoft’s architect responsible for designing improvements in Windows, acknowledged the problems of what he termed “isolation boundaries” that no longer offer adequate security since many companies today have to open up network holes in them in order to conduct business.
“We’ve been tunneling everything over Port 80 because that one is open in the firewall,” Ellison noted, adding, “The perimeter is gone. It’s been gone. This is a dream that people have that it’s not gone.”
Comments (2)
Internet Skinny Dipping
By annicedda on June 4, 2008, 5:00 pm
I would not recommend using the internet with your firewall turned off. Also, never send someone an e-mail with your cc info in it. Today my mom was doing something...
RE: E-commerce, security issues challenge network firewall role
By Akhilesh V Gokaraju on September 20, 2007, 12:23 am
What would this mean for multiple-domain firewalls like CheckPoint VSX? Akhilesh