More thoughts on deperimeterization
by Anton Chuvakin
Related link: http://www.csoonline.com/read/110105/machine.html
I did blog about the subject of "deperimeterization" as advocated by the so-called "Jericho Forum". In his paper Simson Garfinkel points out several more problems with the approach they advocate, some of which overlap with what I mentioned in my previos blog post on the subject.
Namely, why break the classic perimeter protections and build some new "secure architecture"? Its not like firewalls are not doing their job, its just that they are not doing everything you need to protect yourself. At the same time, most things in the IT real seem to evolve slowly rather than get rebuilt "right" overnight.
So, don't scrap the firewalls, just slowly head downstream with the rest of the world towards bigger adoption of "self-defending computers" (aka personal firewalls and client protection) and further towards adopting "self-defending documents" (aka what DRM might become)... But with every new layer of defenses, keep the old ones intact!
DRM is not about self-protection, but about limiting features.
The patent system is absurd?