We all know how much the IT industry loves its terminology and especially its TLAs. So do we really need more?
Neil MacDonald's blog entry posits the idea that it might be time to retire the term firewalls. He raises a good point that with the addition of user- and content-aware technology to provide more control than the IP address/port approach of "traditional" firewalls, the Next Generation Firewall (NGFW - hey, that's a FLA!) the technology has advanced beyond what was originally envisaged from simple policy-enforcement devices. But, and this is a big but, they are still policy enforcement devices, wherever we place them in the network or, indeed, the stack.
What is wrong with retaining the original term, modified with something that describes its new functionality ("Next Generation") or specific purpose ("Web Application")?
In England, when we go to the builder's merchants to buy tiles, we specify roof tiles, wall tiles, bathroom tiles, floor tiles, patio tiles, etc. They are all tiles, we just prefix them with their intended location. In France, however, we have a different word for each type of tile (tuile, carrelage, carreau, faience, etc.) This makes life difficult for the foreigner, and much more confusing.
Whilst I am sure those of us working in the industry would just love to invent a new term for these wonderful new devices, spare a thought for the poor end-user. Enterprises may have got to grips with the terminology, for example, but the SOHO user has only just begun to understand what a firewall is all about. And we still can't decide what exactly constitutes a NGFW, for that matter, so how many new terms will we need to come up with to cover all of the feature options the vendors are scrabbling to include in their new firewall products? Hopefully not as many as there are French words for tile!
Let's not move the goalposts again. Let's stick with the horseless carriage option for just a little longer.
[UPDATE]: Neil responded in his latest blog post and makes a great point. Where functionality and, more importantly, the administration requirements are significantly different from a "traditional" firewall - as in Neil's example of the WAF - then a name change would be appropriate. The biggest problem with keeping the same term for all those different tools is, if you have a hammer in your hand, everything starts to look like a nail. My argument was simply that I would prefer to see the term NGFW adopted before AASG (Application Aware Security Gateway) - I don't think we need to ditch the term firewall just yet.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment