On Sunday, March 23, 2014 09:24:35 PM Cb B wrote:
My hope is that folks stop equating firewalls with security, when the first step is to secure the host, accountability is with the host, then layer other tools as needed.
I couldn't agree more. As an example, your home PC (whose OS wasn't updated in months because the wife and kids can't be asked) is hit via HTTP in a way your CPE firewall couldn't prevent. It is then used to re-attack other appliances in your home that have poor software with no security features. CPE firewalls won't do anything about that. I support vendors of all kinds (Tv's, microwaves, STB's, home theatre systems, video game consoles, e.t.c.) to include some kind of localized security features that augment what a CPE firewall can offer. This will be even more critical, I think, to getting homes and offices to accept the use of GUA's on the LAN, if we have any hopes of finally getting rid of NAT with IPv6, at the scale we have it in IPv4. Mark.