RE: Security urban legends

[dreamwvr <dreamwvr () dreamwvr com>]

hi Daemon,
> > since FW1 has announced that they will be porting over to linux 
> > http://www.informationweek.com/story/IWK19991105S0006
> > this could make things interesting although i seriously doubt that 
> > FW1 will become open source.. also IMHO they are going to have a difficult
> > time convincing linuxians to switch from ipchains/ipfwadm or whatever the 
> > next rev will be called which i can't remember to FW1.
.. i am aware of many of the pros and cons of FW1..
> FireWall-1 is, generally speaking, more fully featured than Linux's
built-in firewalling features. That may be a compelling enough reason for
some.
.. they will still have a difficult time IMHO convincing true blue 
linuxians that FW1 is worth the price of admission on the linux os.
although i do agree that a KDE/GNOME/WM integrated gui will go a long ways 
the below issues by Roger Marquis will not simple go away no matter how 
much the vendor might wish them to..;-}) plus there posture appears to be
perceived by many counter productive compared to the model being presented
by open source model and digitally stamped by the Richard Stallman's of 
etherworld:-)) hmmm.. although approaching it from a different angle such 
as the creation of a dedicated appliance as marcus ranum = NFR has would be
accepted far more readily AFAIK. (in regards to feature rich firewall i 
would agree completely with you daemon..)
ODS will probably not correct some of the more serious issues with FW1,
issues such as licensing, logging, and pre-applied rules.  

WRT licensing - many sites do not wish to register their external IP
address('s).  Doing so can severely limit their flexibility, such as
when switching ISPs.  This is mainly due to the problems and delays
Checkpoint's license database has always been known for.
.. this comment is 'very' valid and annoying to clients that use 
cp..
Checkpoint also requires all licensees to register their company name,
address, contacts, email, (vendor?) etc.  It's not clear what the
business case for this information is be but the fact that the
requirements exist should be a red flag to companies concerned with
privacy and economic espionage.
.. as is this point.. many ;-)) thought/think it a bit unsual that 
their forms online was non ssled yet required much very private 
info. .. particularly for a banner security co. what is wrong with 
this picture..:-/) 
IMHO,
- --
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
                                                        Regards,
                                                        
                                                        
Reuters, London, February 29, 1998: 
Scientists have announced discovering a meteorite which will strike the 
earth in March, 2028.  Millions of UNIX coders expressed relief for being 
spared the UNIX epoch "crisis" of 2038.
_______________________________________________________________________

************** DREAMWVR.COM - TOTAL INTERNET SERVICES ****************
  TOTAL DESIGN - DEVELOPMENT - INTEGRATION - SECURITY - Click Here..
           <http://www.dreamwvr.com/services/MAX_SEC.html>
   DREAMWVR.COM - The Console of Many... 90 Topics Covered
<http://www.dreamwvr.com/dynamicduo.html> <mailto:dreamwvr () dreamwvr com>
->> LINUX-MANDRAKE Solution Provider and North American Distributor <<-
                        PRODUCT OF THE YEAR!
         <http://www.dreamwvr.com/mandrake/mandrake-main.html>
                       "===0 PGP Key Available  
*************** "As Unique as the Company You Keep." *****************
    "If anyone speaks from DREAMWVR.COM its certainly not me:-)"
________________________________________________________________________