I remember back (way back) at the start of my career studying for what would be an alphabet soup of industry certifications. It started with Novell, a CNA followed by the CNE. On to Microsoft and the MCSE, then to Cisco for the CCNA and CCIE. I went on to more specialized ones, but when I look back they all had one thing in common – the ubiquitous brick wall representing the Firewall. Generally square, almost always red and crafted with such detail that the mortar lines were visible.
Jump ahead twenty years or so and it might be blue. Or green. Or an artfully-mixed mosaic of reds and oranges. What’s always been striking to me, and painfully obvious to those intent on circumventing such barriers, is the inherent security limitations of building one or more little walls around your precious kingdom. One either spoofs their way through it or merely walks around it. Either way, if you follow the should-be-dead-by-now paradigm of “trust all traffic on the inside” of the wall, then your attacker is just another cheery, smiling corporate citizen pillaging your customer data. As bad as that hurts, the subsequent public disclosures, headlines, GDPR penalties and falling stock price can make the pain even more acute. The fix? Either there is only wall, or there is no wall.