The host may be too stupid to protect itself - read Bugtraq or other
similar lists for the gory details.
The fact that many hosts are too stupid to protect themselves is not a
reason to architecturally require that the border provide security. The
marketplace may find an opportunity there, but 'the right thing' is to
set the expectation that self defense is the requirement.
In addition, an external border is useful as a checks-and-balances, for the
same sort of reasons why the person balancing your company's
be the guy writing the checks,
Since I do both, I have a hard time agreeing with this analogy. Also, if
you start down this path as justification for a filtering router as a
security device, there needs to be an external auditor in the picture.
Where is that service in the average NAT?
or having Customs inspectors at the border
crossing - what percent of the people on international
the rules about carrying live biologicals (both animal and
any country they may be visiting?
This argument has some level of merit, but has the orientation
backwards. The border guard is not there to protect the traveler who
might be inadvertently (or maliciously) carrying contraband substances
across the border. They are there because it is cheaper to have a few
educated guards than to continually educate the entire internal
population on proper isolation and disposal. Since software doesn't have
the same attention variability over time as humans, or the continual
churn in education level for each generation, there is reason to believe
that eventually self protection could be cheaper than the overhead of a
collection of border guards.
My question was directed at Noel's assertion that security requires a
site border router as the implementation. Just because that may be
cheaper than fixing all the current hosts, wouldn't we be better off in
the long run if all future hosts protected themselves?