[Discuss] Port Scanning

Kent Borg kentborg at borg.org
Fri Aug 2 14:29:43 EDT 2024


On 8/1/24 18:46, Rich Pieri wrote:
> Because we didn't have firewalls in the 1980s. 

Correct. Commercial firewalls date to 1995. But it was not an obscure 
product offering, Data Communications Magazine called the first one "Hot 
product of the year". We were aware there were problems, that is why a 
product addressing them was successful.

And "zero trust" was also coined, the year before.

Both of these were happening because we *were* aware there were 
problems and we *knew* we needed to do something about them.

In the mid '90s there were two ways we could have gone. We could have 
actually held ourselves to the obligation of building secure stuff--and 
fixing things when we got it wrong--or we could have let ourselves off 
the hook, hid behind firewalls, and let 30-years of garbage build up. 
(Not a whole 30-years worth, the early garbage has been retired.)

Mostly we picked hiding our new garbage behind firewalls, because it was 
easier.

Thank goodness Unix and Linux have always been on the "secure it" side 
of things, which is why both have always been viable ways of running 
servers, on the open internet, without a firewall.

Ipchains didn't show up until a few years later, and Linux always 
treated it, and iptables, as supplemental not as a necessary crutch.

:whew:

Thank you, Linus.

> We didn't build an infrastructure that expected firewalls to protect
> it. We built firewalls to protect the infrastructure that originally
> didn't need protecting.

There is almost no computer still running that predates 1995. Museum 
pieces, machines that nostalgics keep alive because they can, and 
apparently a fair amount of COBOL---but running on newer hardware. 
Pretty much everything else has been built since then. Everything else 
has been built with firewalls in mind. We have used them as an excuse 
for not securing *new* software, for 30-years.

What else was happening in 1995? Windows 95 was out and 14,400 was the 
hot new modem speed. That was a long time ago. Though the Macintosh was 
already a decade old, and I already had my own borg.org e-mail, but 
not running my own server, I have been doing that for not even a 
quarter-century.


I shake my head over the fact that it took 30-years of firewalls being 
insufficient for the idea of not depending on them as the foundation of 
computer security to get any traction.

I do admit it, I have only hated firewalls for as long as they have 
existed.


-kb, the Kent who watched in horror, as it happened, watched us build 
decades of new, insecure stuff...because firewalls made it okay!

