I worked in infosec for a while. Nearly every real-world threat we saw came in via HTTP, IMAP/POP3, or some other "pull" mechanism. Firewall might as well not have even been there. Anyone who thinks "firewall == security" is terribly out of date.
I'd say the only thing firewalls still provide protection against is pure remote vulnerabilities in common system services. Those still appear occasionally, but are more rare than they used to be. With better service isolation, coding standards, and authentication they'll become even rarer.