Firewalls. Everyone's got one, right? It wasn't always that way. I remember back when I first started teaching people how to build firewalls. I'd ask the people in my class how many of their organizations were Internet-connected already? Usually there were only a few hands raised. Today, virtually every organization of significant size is connected to the Internet and employs some kind of firewall.

When I started building firewalls, I knew the other seven guys who were also building firewalls. Today, there are over 400 products that claim the name "firewall" or have firewall functionality. The concept of firewalls has even started to have an effect at the cultural level: I once heard a kid on a train once describe his mother as a "stateful firewall" to one of his buddies. The times have changed. And, that's the one big constant in computer security: things change - and they change quickly. Today's firewalls are dramatically better than the early ones my friends and I were building in the late 1980s. They are easier to set up, much more transparent, and handle a huge array of application protocols. They operate at near wire-speed, have fancy graphical interfaces, and cost a fraction as much. However, they are also much more complicated. Amongst other things, they have to deal with application protocols that tunnel on top each other (how about RPC over HTTP over SSL if you want a recipe for headaches?) and with undocumented proprietary protocols that are not comprehensible, let alone securable.

If you'd asked me twelve years ago whether there was still much to discuss about firewalls, I'd have told you that they were pretty much of a dead issue, that we already understood well enough. I'd have been wrong.

As time has gone by, the questions have multiplied. Security professionals have still got a lot to learn; fortunately, they also have a lot of knowledge to share. With that in mind, SecurityFocus has created the Firewalls focus area, a site dedicated to providing the information security community with a centralized source of comprehensive, vendor neutral information regarding firewalls and related technologies. The Firewalls focus area will include technical articles, new tools, listings of new products, firewall-related news, links to firewall-related white papers, and lists of rule sets. The associated mailing list, Firewalls, will provide an open forum all matters related to firewalls: current and future firewall design, auditing, installation, configuration and innovations topics.

The best and most important weapon in the security practitioner's arsenal is knowledge. And the best source for information security information is the information security community. So, welcome to the SecurityFocus Firewalls focus area! Welcome to one of the best weapons in a security practitioner's arsenal - firewall information created by and for the security professionals who deal with intricate firewalls issues on a daily basis.

Marcus Ranum
Bellwether Farm,
Morrisdale, Pennsylvania