Firewall Wizards mailing list archives
Re: Firewall administration
From: Anton J Aylward <anton () toronto com>
Date: Mon, 06 Oct 1997 23:55:35 -0400
At 12:44 PM 06/10/97 -0400, David Collier-Brown wrote: ## Reply Start ##
I'm empasizing the **opposite**. Whenevevr you turn on something that is ``easy'', you get faced with the hard, physical fact that you've just done something risky. If a form-based interface makes it easy to make mistakes, then make the mistake part of the form. It verges on obvious (but only if you look at it from the point of view of an ergonomist or a security officer, not a developer). I've had to fight many times with programmers who made the easy part easy, and the hard part **more** difficult. Sometimes impossible. Forcing the results into the equation is one of the ways I keep them under control.
One of the UNIX old timer adages is that the easy stuff should be easy and the hard stuff should be easy as well ;-) DC-B, being on the order of an old timer remembers this and has my full support for lampooning programmers who indulge in <insert word for unproductive self amusement with sexual connotations> with code. I'd go further. I've already mentioned my gratification in dealing with the AXENT rule based audit system for UNIX. You start off with a baseline "policy" which can be one of the vendor supplied one or one you've created using the policy editor. It then tells you how the system doesn't conform. You can then add exceptions. Press a button and you get a report - what's your baseline and what's your deviation from the baseline. In firewall terms the baseline is your policy. Now doesn't this make more sense than the way GUIs are working at the moment? OBTW: The Axent interface is a GUI. While its not perfect, its far better than any firewall GUI interface I've met. /anton ## Reply End ##
Current thread:
- Re: Firewall administration Rik Farrow (Oct 06)
- Re: Firewall administration David Collier-Brown (Oct 06)
- Re: Firewall administration Bennett Todd (Oct 07)
- Sidebar re idiots (was Firewall administration) David Collier-Brown (Oct 07)
- Re: Firewall administration Bennett Todd (Oct 07)
- <Possible follow-ups>
- Re: Firewall administration Anton J Aylward (Oct 07)
- Re: Firewall administration Anton J Aylward (Oct 07)
- RE: Firewall Administration Steve Kruse (Oct 12)
- Re: Firewall Administration P.Y BONNETAIN (Oct 12)
- Re: Firewall Administration Larry J. Hughes Jr. (Oct 13)
- Re: Firewall Administration Rudolf Schreiner (Oct 14)
- Re: Firewall Administration Bennett Todd (Oct 15)
- Re: Firewall Administration P.Y BONNETAIN (Oct 14)
- Re: Firewall Administration P.Y BONNETAIN (Oct 12)
- Re: Firewall administration David Collier-Brown (Oct 06)