There’s an absolutely brilliant retort to one of Jeremiah’s posts that was written by ntp about how we have lost sight of how the network security battle was (mostly) won. I was actually stunned that someone bothered to write all that down (it’s quite a read, I’m warning you). But I think he articulated a point that has up until now been very poorly thought through. Yes, we won the network security war. Our perimeters are mostly safe not because of firewalls but because of all the access controls, protections at the server level, protections we’ve forced on the clients, etc. In fact I know a number of companies that have completely gotten rid of firewalls because they are both a single point of failure and they have rate limits that properly configured servers behind F5s or Squid boxes don’t.
Anyway, before I dig myself too deeply (because I know this is a contentious topic) I’m going to ask that you read his comments. Prepare yourself for a ride - it’s a long one.