What is one reason traditional access control powered by legacy on-prem firewalls is considered ineffective?

Zscaler Essentials Test: Boost your Zscaler knowledge with comprehensive flashcards and multiple choice questions. Understand each concept with detailed hints and explanations.

One reason that traditional access control powered by legacy on-prem firewalls is considered ineffective is that network-to-network access can allow for lateral propagation, which increases the attack surface. In legacy firewall setups, once an attacker compromises one device or network zone, they can often move laterally through the network, seeking out other vulnerable devices or systems. This lateral movement can be facilitated by the inherent trust models of these firewalls, where devices within the same zone may not be adequately isolated.

In contrast, modern security approaches emphasize micro-segmentation and the zero-trust model, which aim to limit the ability of unauthorized users to access other parts of the network, even if one part has been compromised. In essence, traditional methods that allow free movement across network zones can create significant vulnerabilities, making them less effective in today's threat landscape.

The other options do not accurately represent the challenges associated with traditional firewalls. For example, while micro-segmentation is a goal for enhanced security measures, it does not fundamentally address lateral movement, which is a core vulnerability of legacy systems. Additionally, compatibility issues with Linux and IoT devices or the ability to set up Layer 7 application rules do not directly relate to the broader implication of attack surface expansion due to
