The Death of A Firewall

and the resurrection of a zillion others.

In his article The Death of A Firewall, Stuart Berman claims that he is tearing down all his corporate firewalls yet raising the security of his application servers by, e.g., placing them in their own DMZs and using a multitier security model for them.

Isn't this how we should have been treating our internal network by default? (At least we do.) Face it: your internal network is as insecure as the rest of the planet. Contractors, visitors, disgruntled employees, etc. are all a potential risk for your data. You should protect it as if you were protecting it from an external party. So there's nothing new there.

However, he claims that the hardware costs aren't rising because he adds the extra layer of security on virtual machines on the same physical machine as his application.
Do we really trust traditional virtualisation tools not to give any access to either the host OS or another virtual machine? Haven't we learned from things such as the huge E1000K security issues and some z-Series memory isolation issues? I don't trust them (yet). I have good hopes for XenSE, however :)