When: June 11, 2003
What: Gartner's assertion that a firewall appliance can satisfy your security needs.
FUDFactor: Intrusion-detection and intrusion-prevention systems are dead on arrival. The firewall is the most effective defense against intruders.
FUDBust: Some of Gartner's criticisms of these systems are on the mark, particularly the observation that these products haven't delivered on their promises. But it's quite a leap to claim that a firewall offers the best protection. Firewalls have limitations in performance that must be overcome before they can be considered a fix-all. As more complex analysis of traffic is enabled in firewalls, performance nose-dives. Splitting analysis and protective measures across multiple discrete devices distributes processing load and targets protections at specific servers. Besides, the best place for protection from attack is on the servers and applications facing untrusted sources. Properly designed application servers with security built in from the ground up
are far more difficult to break than a poorly designed application behind any firewall.
Post a comment or question on this story.