Some truths, like gravity, last a long time.
Others don’t.
If you were involved in computing in the 1990s, you knew all about firewalls and their ability to block outside threats. The firewall protected a safe enclosed area.
We all believed this, and it was common wisdom.
A 1998 paper, accessible (PDF) via the Purdue University website, reflects this 20th century thinking.
The first line of defense against external threats to computer systems and networks is a firewall. Whether a computer is in a corporation, government agency, university, small business, or home, if it is connected by a network to other computers, its resources, plans, and data are at risk–and so is the reputation of its owners. A firewall can help reduce that risk to an acceptable level.
Firewall technology is a set of mechanisms that collectively enforce a security policy on communication traffic entering or leaving a guarded network domain. The security policy is the overall plan for protecting the domain. Embodied in hardware, software, or both, a firewall guards and isolates the domain…
And yes, we really believed this.
Now we don’t. Because our remote servers have expanded into something we now call the “cloud,” our computing devices now include souped-up telephones, and everything is provided “as a service.” There is no longer an inside and outside, and threats can come from anywhere.
On Monday I will share a post on Zero Trust Architecture, which repudiates the firewall model.
Bredemarket 