« Web Services on SSL - Giving Attackers Room to Roam | Main | Three Steps to a Rational Security Budget »


Richard Veryard

Hi Gunnar, I question your assertion about the importance of proximity of security mechanisms to the asset being protected. This may be true in some cases, although even in your example I'm not convinced that the airbag is the most important protection I've got as a driver. And for another example, the oxone layer is much better protection against the sun's rays than any amount of suncream.


@Richard -
Ozone is a good example, it mediates the sun's rays. In network firewall security - ports are simply opened/closed, and addresses translated, there is zero visibility into the apps, data and identity.

In, say a XML Security gateway, the connection is terminated, the content (data, identity bound for app) are validated against policy and then forwarded along. This latter example is akin to what the ozone does (for now ;-P )

The comments to this entry are closed.