On 8/1/24 18:46, Rich Pieri wrote:
> Because we didn't have firewalls in the 1980s.
Correct. Commercial firewalls date to 1995. But it was not an obscure
product offering, Data Communications Magazine called the first one "Hot
product of the year". We were aware there were problems, that is why a
product addressing them was successful.
And "zero trust" was also coined, the year before.
Both of these were happening because we *were* aware there were
problems and we *knew* we needed to do something about them.
In the mid '90s there were two ways we could have gone. We could have
actually held ourselves to the obligation of building secure stuff--and
fixing things when we got it wrong--or we could have let ourselves off
the hook, hidden behind firewalls, and let 30-years of garbage build up.
(Not a whole 30-years worth, the early garbage has been retired.)
Mostly we picked hiding our new garbage behind firewalls, because it was
easier.
Thank goodness Unix and Linux have always been on the "secure it" side
of things, which is why both have always been viable ways of running
servers, on the open internet, without a firewall.
Ipchains didn't show up until a few years later, and Linux always
treated it, and iptables, as supplemental not as a necessary crutch.
:whew:
Thank you, Linus.
We didn't build an infrastructure that expected firewalls to protect
it. We built firewalls to protect the infrastructure that originally
didn't need protecting.
There is almost no computer still running that predates 1995. Museum
pieces, machines that nostalgics keep alive because they can, and
apparently a fair amount of COBOL---but running on newer hardware.
Pretty much everything else has been built since then. Everything else
has been built with firewalls in mind. We have used them as an excuse
for not securing *new* software, for 30-years.
What else was happening in 1995? Windows 95 was out and 14,400 was the
hot new modem speed. That was a long time ago. Though the Macintosh was
already a decade old, and I already had my own borg.org e-mail, but
not running my own server, I have been doing that for not even a
quarter-century.
I shake my head over the fact that it took 30-years of firewalls being
insufficient for the idea of not depending on them as the foundation of
computer security to get any traction.
I do admit it, I have only hated firewalls for as long as they have
existed.
-kb, the Kent who watched in horror, as it happened, watched us build
decades of new, insecure stuff...because firewalls made it okay!
_______________________________________________
Discuss mailing list
Discuss@driftwood.blu.org
https://driftwood.blu.org/mailman/listinfo/discuss