26.5. When Should You Start Over?
One of the most important things to
recognize about maintaining a firewall is that the older it is, the
more maintenance it's going to require. At some point, you
simply need to say "enough" and start over with a new
firewall. At the rate the firewall arena is changing today, we
generally tell people that if they build the best firewall they can
today, they should probably plan on replacing it in 18 to 36 months.
Lots of things that affect firewalls are changing very fast,
including the attacks they're subjected to, the tools for
building them, and the services their users demand.

Here are a few examples of how quickly things can change on the
Internet. Between the first and second editions of this book:
- Windows NT became a viable platform for providing Internet services.
- The World Wide Web went from being a promising application that
computer people knew about to being the most important technology on
the Internet and an indispensable part of any advertising campaign
for anything.
- Linux went from being one person's eccentric hobby to being
something between a major operating system and a social uprising.

In another two years, we're going to be facing a whole new
series of attacks, have a whole new set of tools at our disposal, and
be dealing with a whole new set of services demanded by our users.
Nobody knows for sure what these attacks, tools, and services will
be, but you can safely predict that the Internet will be
significantly different from what it is today. Of course,
that's true for just about any two-year period in the history
of the Internet that you care to examine. The one constant about the
Internet is constant change -- constant growth, a constant
stream of new services and new tools, and so on.