Firewall Wizards mailing list archives
Re: Practical Firewall Metrics
From: Michael Brennen <mbrennen () fni com>
Date: Fri, 20 Feb 1998 10:26:20 -0600 (CST)
I'm surprised you support this for the simple reason you point out: vendors can claim anything they want. Calling a template a "highly paranoid access policy" is useless unless you have the understanding to verify that it in fact does what you need. I distrust vendor packages / templates / etc. for precisely this reason: I don't trust them to keep *my* best interest beyond *their* own best interest. Without a well defined impartial standard and common terminology, templates don't mean anything beyond the marketing language used.

I think you are advocating an external template standard, but templates per se without a standard don't seem to be any good because we are back to lack of understanding. IMO of course.

-- Michael

On Fri, 20 Feb 1998, Marcus J. Ranum wrote:
Network-1 makes a firewall called Firewall/Plus. It's a pretty good firewall, but the one thing that I think is terrific about it is that it has a bunch of policy templates for quick install. You ...

Need I mention that if such template standards existed, they would form useful backbones for IDS rule-sets, network scanners, and compliance audit tools? One of the problems with IDS is that it's hard to define "normal" -- having a templated policy defines a baseline of "normal" in a way that would be highly useful. If ...

The second issue is that validating firewalls is EXTREMELY hard because vendors can make whatever ridiculous claims they like and get away with it. "Our new turbo-whomping voodoo packet
Current thread:
- INtrusion Detection Gary Crumrine (Feb 17)
- Re: INtrusion Detection Frederick M Avolio (Feb 18)
- Re: INtrusion Detection Aleph One (Feb 18)
- Practical Firewall Metrics...Was: INtrusion Detection Christopher Nicholls (Feb 20)
- Re: Practical Firewall Metrics Marcus J. Ranum (Feb 20)
- Re: Practical Firewall Metrics Michael Brennen (Feb 20)
- Re: Practical Firewall Metrics Marcus J. Ranum (Feb 20)
- Re: Practical Firewall Metrics Christopher Nicholls (Feb 24)
- Practical Firewall Metrics...Was: INtrusion Detection Christopher Nicholls (Feb 20)
- Re: Practical Firewall Metrics Bennett Todd (Feb 20)
- Re: Practical Firewall Metrics Leonard Miyata (Feb 20)
- Re: Practical Firewall Metrics...Was: INtrusion Detection Bennett Todd (Feb 20)
- <Possible follow-ups>
- Re: INtrusion Detection tqbf (Feb 18)
- Re: INtrusion Detection Adam Shostack (Feb 18)
- Re: INtrusion Detection Vern Paxson (Feb 18)
- Re: INtrusion Detection Marcus J. Ranum (Feb 18)
- Re: INtrusion Detection tqbf (Feb 18)