Hi Rob,

What makes you say firewalls suck? Sure they're not the be all and end all of security, but I've always thought they have their place in a well-designed security architecture.

I've always been quite fond of thinking of them as "complexity control" devices (think I got that from one of Marcus Ranum's articles). The idea being that obviously these days they don't stop all the attacks, but they're useful for cutting out the noise from external connections and ruling things out. So if you only allow two ports through then at least you only have two protocols to worry about...


Yes, 'complexity control' is a good point well made. It's all about context. I am a pure security nerd, not a network admin. I hate the fact that we need to have some clunky box in the way to filter stuff out, because legacy dictates.

From a pure security standpoint, firewalls are a horrible solution. From a practical, real-life standpoint, they are necessary, for now... but this still misses my point really.

Matasano are being hypocritical, and I thought they were 'pure security'. They certainly like to criticise vendors enough. And then they go and try to punt a solution which is about as commercial as it gets.

It's all very clever, don't get me wrong. It's just two-faced, and I for one have lost a lot of my security nerd respect for them. I don't think they'll care that much, especially when the $$$ start rolling in.

It's just a sad day for me, that's all. Like finding out your Dad has been screwing the nanny whilst telling you the virtues of marriage. For example.



