
Routing versus security

We had a guest lecturer from industry in class several weeks back. He gave a very good talk about the issues they encountered while designing a new firewall architecture for their organization. One of the issues he spoke about in passing was how their organization separated routing/networking expertise and security expertise into separate groups. I had encountered this division when talking with customers as a Cisco person. From the Cisco security perspective this was an undesirable division, because while the networking folks were generally familiar and comfortable with the Cisco way of doing things, the security folks were not.

From my perspective as a network security person, I also tended to think that this division was undesirable. We encountered some rather poorly run organizations where not only were the security folks separate from the networking folks, the security folks did not have a good understanding of how traffic should flow. This was very problematic when deploying CSPM (Cisco Secure Policy Manager). This tool required the user to give a global network security policy and a description of the topology. It would then generate the appropriate configurations for the policy enforcement points (i.e., firewalls and security appliances). But if you didn't understand your network topology, the generated configurations were worse than useless. In a broader sense, you cannot secure network communication if you don't know where the packets could flow.

However, my guest lecturer gave me a new appreciation for a separation of security and routing implementation. In their organization, a network device is either a router or a firewall. This modularity simplifies the components in their network architecture. They have no 5-legged firewalls. Each firewall has two traffic interfaces and one management interface, so the firewall does no routing. Similarly, the routers only route; they do no packet filtering.

Both firewall configuration and routing configuration can be fairly complicated. Trying to configure them both on the same device just raises many possibilities for inopportune interactions (e.g., conflicts between static address translation and routing on PIX devices).

Of course, even if you are separating the implementation of firewall and routing components, someone on your team must understand how both work together. You still cannot do adequate traffic control if you don't know where the traffic will flow. I'm not sure that I agree with this division in all cases, but I now see how this separation-of-features design approach can be beneficial in some cases.
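As an added illustration (not code from the post or from the lecturer's organization), the two rules above can be expressed as checks over a device inventory: a linter that flags any "firewall" carrying routing configuration or more than two traffic interfaces plus one management interface, and any "router" carrying filtering or NAT rules, together with a segment-graph walk that shows which firewalls (if any) actually sit on the path between two segments. The `Device` record format and the sample inventory are constructed for this example; the device and segment names are hypothetical.

```python
"""Check a device inventory against 'routers route, firewalls filter',
and find which enforcement points lie on a path between two segments."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Device:
    name: str
    role: str                                   # "router" or "firewall"
    traffic_ifaces: dict = field(default_factory=dict)   # iface -> segment
    mgmt_ifaces: list = field(default_factory=list)
    static_routes: list = field(default_factory=list)    # routing config
    acls: list = field(default_factory=list)             # filtering config
    nat_rules: list = field(default_factory=list)        # translation config


def lint_roles(devices):
    """Return one finding per violation of the role-separation rule."""
    findings = []
    for d in devices:
        if d.role == "firewall":
            if len(d.traffic_ifaces) != 2:
                findings.append(f"{d.name}: firewall has {len(d.traffic_ifaces)} "
                                "traffic interfaces, expected 2")
            if len(d.mgmt_ifaces) != 1:
                findings.append(f"{d.name}: firewall has {len(d.mgmt_ifaces)} "
                                "management interfaces, expected 1")
            if d.static_routes:
                findings.append(f"{d.name}: firewall carries routing config "
                                f"({len(d.static_routes)} static routes)")
        elif d.role == "router":
            if d.acls:
                findings.append(f"{d.name}: router carries {len(d.acls)} filtering rules")
            if d.nat_rules:
                findings.append(f"{d.name}: router carries {len(d.nat_rules)} NAT rules")
        else:
            findings.append(f"{d.name}: unknown role {d.role!r}")
    return findings


def find_path(devices, src_segment, dst_segment):
    """BFS over segments; every device joins the segments on its traffic
    interfaces. Returns the list of device names traversed, or None."""
    adjacency = {}
    for d in devices:
        segs = sorted(set(d.traffic_ifaces.values()))
        for s in segs:
            for t in segs:
                if s != t:
                    adjacency.setdefault(s, []).append((t, d.name))
    parent = {src_segment: None}
    queue = deque([src_segment])
    while queue:
        seg = queue.popleft()
        if seg == dst_segment:
            break
        for nxt, via in adjacency.get(seg, []):
            if nxt not in parent:
                parent[nxt] = (seg, via)
                queue.append(nxt)
    if dst_segment not in parent:
        return None
    path, seg = [], dst_segment
    while parent[seg] is not None:
        prev, via = parent[seg]
        path.append(via)
        seg = prev
    return list(reversed(path))


def firewalls_on_path(devices, src_segment, dst_segment):
    """Which firewalls would traffic from src to dst actually traverse?"""
    path = find_path(devices, src_segment, dst_segment)
    if path is None:
        return None
    roles = {d.name: d.role for d in devices}
    return [n for n in path if roles[n] == "firewall"]


# Constructed sample inventory (hypothetical names and addresses).
INVENTORY = [
    Device("fw-dmz", "firewall", {"eth0": "outside", "eth1": "dmz"}, ["mgmt0"]),
    Device("rtr-core", "router", {"ge0": "dmz", "ge1": "inside", "ge2": "lab"},
           ["mgmt0"], static_routes=["0.0.0.0/0 via 192.0.2.1"]),
    # A 5-legged firewall that also routes: the pattern the post argues against.
    Device("fw-legacy", "firewall",
           {"e0": "outside", "e1": "inside", "e2": "lab", "e3": "partner", "e4": "guest"},
           [], static_routes=["10.1.0.0/16 via 192.0.2.1"],
           nat_rules=["static 192.0.2.10 10.1.0.10"]),
    Device("rtr-edge", "router", {"s0": "outside", "s1": "guest"}, ["mgmt0"],
           acls=["deny ip any 10.0.0.0/8"]),
]

if __name__ == "__main__":
    for f in lint_roles(INVENTORY):
        print("finding:", f)
    print("dmz -> inside passes through firewalls:",
          firewalls_on_path(INVENTORY, "dmz", "inside"))
```

Running the sample produces three findings for `fw-legacy` (five traffic interfaces, no management interface, routing config on a firewall) and one for `rtr-edge` (filtering on a router). The path check makes the post's last point concrete: `dmz` to `inside` goes through `rtr-core` only, so no firewall would enforce policy on that flow, which is exactly the kind of topology fact a policy author has to know before any generated configuration is useful.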

This page contains a single entry from the blog posted on February 28, 2007 3:24 PM.