Bruce Schneier on firewalls

The latest Crypto-Gram centers on electronic liability and (and versus) security, but one paragraph in particular eloquently crystallizes one-half of my objection to firewalls (the other being that they’re more to do with monitoring and/or blocking access from folks within the firewall):

Think about why firewalls succeeded in the marketplace. It’s not because they’re effective; most firewalls are installed so poorly as not to be effective, and there are many more effective security products that have never seen widespread deployment. Firewalls are ubiquitous because auditors started demanding firewalls. This changed the cost equation for businesses. The cost of adding a firewall was expense and user annoyance, but the cost of not having a firewall was failing an audit. And even worse, a company without a firewall could be accused of not following industry best practices in a lawsuit. The result: everyone has a firewall, whether it does any good or not.
