[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipsec vs. firewalls

To: "Davis, Terry L" <Terry.Davis@PSS.Boeing.com>
Subject: Re: ipsec vs. firewalls
From: Steve Bellovin <smb@research.att.com>
Date: Thu, 07 May 1998 10:38:44 -0400
cc: "'Phil Karn'" <karn@qualcomm.com>, ipsec@tis.com
Sender: owner-ipsec@ex.tis.com

	 Phil
	 
	 I've been a quiet listener in the background but in reference to your
	 remark:
	 	> (rising to the bait) Firewalls are dead. Get used to it. :-)
	 
	 It's nice to hear someone else say that!  I have been carrying them as
	 "dead technology" in our architecture for the last two years and telli
	ng
	 our vendors the same thing.  They are "dead" and we need completely ne
	w
	 concepts for security here.
	 
	 This becomes completely apparent when you start to design security for
	 multi-gigabit links and the top-of-the-line firewalls pass maybe 100
	 megabits on a good day with tailwind!

That's the easy thing to fix -- throw silicon at the problem.  While,
as I indicated earlier, I don't think firewalls are dead, I whole-
heartedly agree that current corporate-scale firewalls are dinosaurs.
But the problem is connectivity patterns, not speed.

Prev by Date: RE: ipsec vs. firewalls
Next by Date: RE: ipsec vs. firewalls
Prev by thread: RE: ipsec vs. firewalls
Next by thread: RE: ipsec vs. firewalls
Index(es):
- Main
- Thread