Posted by: Dan O'Connor
Something like this is a good way to get a reaction out of people.
Why you don’t need a firewall.
This idea does not float.
I don’t want to rehash the whole argument but I will leave a handful of points.
1) Not filtering traffic at the perimeter is bad. It’s bad for information gathering, ( yay me, I can scan the whole network ). It’s also bad for security, why rush patching systems when it’s already stopped at the gateway. Your set of users you need to worry about immediate patching get a whole lot smaller.
2) Think how bad something like conflicker would have been if most of the world was not filtering. It’s not that these don’t exists, it’s that they cannot spread like they could now that we are filtering services more effectively.
He also has a reply, http://www.infoworld.com/d/security/the-firestorm-over-firewalls-193409
I still don’t think it floats.