Time to rethink the term ‘firewall’

Opinion
Nov 16, 20053 mins

* Does the traditional fortress layout need to be reconfigured?

Editor’s note: Starting Dec. 7, Network World’s Windows Networking Tips will be renamed Windows Networking Strategies and will be mailed once a week on Wednesdays. Dave Kearns will continue to bring you his take on the goings on in Redmond and analyze how Microsoft’s latest moves will affect your networking infrastructure. We hope you enjoy the new format.

I was at a conference last week (Digital ID World – Financial Services) and, like most conferences and trade shows these days, there was a temporary wireless network installed and available to all attendees. When at work, I use my laptop in the office to connect wirelessly to the office network and use the security provided for that network. But when on the road, I use ZoneAlarm a so-called “personal firewall.” As luck would have it, as I was loading it up a notice of an update popped up on my screen, so I told the PC to go and get it, then install. While this was happening, Phil Becker, the host for the conference, was also talking about firewalls (as part of identity-based access control), and the coincidence of the two events got me thinking.

The term “firewall” has been in use for a dozen years or so to describe a system that provides what we might call “perimeter security.” That is, the firewall creates a fence around our network, a fortress to keep out the bad guys. That fence typically gets built around the enterprise’s internal network but, as I was using it, the “fort” could also be built around a single PC.

Over the past couple of years, though, that “perimeter” has changed. It no longer looks like a map of a stronghold or fort. Ten years ago “remote access” usually meant dial-up connection to a modem bank, which meant the connection was still within the “fort.” Five years ago, it most often meant a VPN, which “virtually” extended the fort’s walls to encompass a worker at home. Today, though, people are connecting to their (and your) corporate network using all kinds of devices from all sorts of places, many of which are not secured at all. Maybe it’s time to revisit the definition of “firewall.”

In a building, what’s called a firewall is not, primarily, the outer walls but inner walls that segment the building space in an effort to contain fires. If you’re charged with running cable, for example, you’re well aware that you can’t simply cut a hole in a firewall and string twisted pair. Firewalls don’t, per se, prevent fires; they prevent fires from spreading out of control.

People do need to get from one part of a building to another, preferably without having to go outside to do so. Firewalls, therefore, need doors and these are usually called “fire doors.” In the event of a fire, the fire doors are closed to help prevent the conflagration from spreading. Modern fire doors can even be closed automatically when smoke or heat are detected – that is, when a problem arises. Maybe your network needs more fire doors and, perhaps, fewer fire walls. Come back next issue and I’ll explain.