We've all seen those firewall pictures that show the Internet ("Here there be Dragons," to quote Dr. Steve Bellovin, as well as ancient maps of "the world"), a firewall, and our inside network with a wall around it. It is a useful picture for explaining firewalls, but it does not picture reality. (To see an example of what I mean, see www.avolio.com/columns/perimeter.jpg.)
In the good old days, only power users connected from home to the enterprise network. Most people couldn't even imagine why one would want to. The power user would dial in to a modem pool at an enterprise access controller, and get command line access to his or her computer. The remote computer acted merely as a terminal. (If some of these terms sound unfamiliar to you, please understand: this was back when we did computing by candle light.) Back then there was no Internet to use or fear, no network on the other side of an "incoming" connection, and the enterprise network perimeter really did have walls around it. The network stopped at the physical edge of the enterprise.
Now, of course, we sit behind firewalls, which demarcate "them" and "us." It is just not that easy to tell who "us" is. Inside our enterprise network we have contract workers. Outside our network there are teleworkers, day-extenders, and road-warriors. Remote sales people are also "out there" on the Internet, but they are part of "us." Some of "us" might be at home, at an Internet Cafe in Prague, or on a "big ol' jet airliner." [Steve Miller Band] Some of "them" have to get access to some of what belongs to "us" in order to buy product or get support.
There are a few things we can do to deal with the true picture.
A column I wrote, "Preparing for the Worst," for *On the Radar*, LURHQ Corporation's client newsletter, is at http://www.lurhq.com/vol1.html. LURHQ is a managed security solutions provider, run by friend and former Gauntlet sales engineer, Tony Prince. I am on their advisory board.
My "Just the Basics" column (The Firewall Physical) in the July 2003 Information Security Magazine asks, "How do you know if your firewall is 'healthy'?"
I'll be teaching "Security Essentials for Managers" and "Firewalls Essentials for Managers" -- both full day courses -- at COMDEX Canada in September. Check out my "Speaking and Teaching Calendar" at