On 7/10/2024 7:58 AM, Phillip Hallam-Baker wrote:
And when we get to corporate networking, it is very much the same. Every customer I have ever had has always wanted a model in which their network is separated from the Internet by a moat with clearly defined physical and logical access points.
The "crunchy on the outside" model of security would only work if you could trust every person and every device inside the perimeter, and if there were no uncontrolled bridge to the outside. But in practice you cannot really do that. So ultimately some kid of virus makes it in, roams freely "inside the moat", and you get a ransomware attack or a data dump. It reminds me of the big walls of medieval cities. They might have protected the inhabitants against bandits and raiders, but they certainly did not prevent rats from bringing in the plague.
-- Christian Huitema
