For years, infosec experts have called the firewall a critical ingredient to security, whether it's in a large enterprise or on a home PC. But the San Diego Supercomputer Center (SDSC) has defied that logic with what some would consider surprising success. Abe Singer, computer security manager for the SDSC's Security Technologies Group, explained how companies can maintain strong firewall-free security at the 2006 USENIX Annual Technical Conference Thursday. He has also produced a presentation (.pdf) on the subject.

Singer said there's a "horrible truth" about firewalls: they have performance problems, are vulnerable to cascade failures and changing one rule on the network can open up a security hole someplace else. He said a fellow IT professional once conducted a routine firewall test and found several ports wide open. But perhaps the biggest problem of all is that users inside the firewall can't be trusted. "Firewalls can't protect you from what users are doing inside the company," Singer said. "If I want to steal from a bank, I won't try to punch through their firewall. I'll get a job in the mailroom."

The link for this article located at SearchSecurity is no longer available.