I’ve been checking out the Jericho Forum commandments (pdf) and their concept of de-perimeterization. I’m happy to have taken the time to sit back and examine their material posted. Whether I agree or not, it is useful to examine discussion and what other groups think.
1) I stand by my initial thoughts that the concept of “de-perimeterization” is old. I really bet this concept is rooted back in a time before deep inspection firewalls, and maybe even before stateful firewalls. The term is unfortunate and likely needs to be changed, unless they are using it just for the attention. If so, it works! 🙂 But otherwise, I don’t buy that de-perimeterization is the future. Sure, maybe borders of yesterday were nice and square like the state of Colorado. But today and maybe into the future our borders will be more complicated like the islands of the Nunavut Territory in Canada (am I the only one who missed the Northern Territories being split? And does that mean I don’t know my geography? …the flaw in quizzing adults about geography and generalizing the result down into child education values…). Nonetheless, there are still borders and we will always have a perimeter of some sort for as long as we need any type of centralization management of systems or data.
2) The commandments do make for an excellent ideal. A possibly unattainable ideal. I’m dubious about the scale of such solutions, and I really think this framework only works on a very large scale. Anything below it really can’t be bothered.
3) On the other hand, this framework does include excellent guidelines and “rules.” Even if they are not followed to a letter, they are rooted in solid digital security concepts. We should keep them in mind no matter what ultimate framework we follow.
4) Likewise, I really think all security professionals should review what the Jericho Forum is saying, and I’d love to attend a presentation some day for even more clarification and discourse. As sec pros, we should be able to discuss such things and keep an open mind about other viewpoints. Besides, if there was an ultimate and perfect solution to our problems, I’m guessing we’d have happened upon it by now and all been wowed to the point of tears. But we’re not, and as such, any and all approaches tend to have strong points and good ideas.
5) In the end, do I care about this framework itself? Not really. It’s a great exercise, but not really actionable for me in a smaller company beyond just being informed.
jericho 1 – de-perimeterization and the jericho forum commandments
jericho 2 – the jericho forum and the de-perimeterization solution
jericho 3 – the first three commandments: the fundamentals
jericho 4 – commandments 4 – 8
jericho 5 – commandments 9-11
jericho 6 – my conclusions