Re: Firewalls - ITSEC Rating?

[Predrag Zivic <pzivic () yahoo com>]

Well,
Since ICSA became a commercial organization (they make
money and must have some kind of profit) I would
double check validity of their tests.
Although I think that their tests are still the most
competent out there, I simply don't trust them any
more... I guess I have a trust problem:-)) Maybe that
is why I also don't use Verisign certs...:-))
Pez

--- Rick Smith <rick_smith () securecomputing com> wrote:
> At 08:30 AM 02/03/2000 -0500, Marcus J. Ranum wrote:
>
> > I'm sure that many on this list will be shocked to
> hear me say
> > this, but the ICSA firewall product certification
> is orders of
> > magnitude more valuable to real customers than
> ITSEC evaluation.
>
> The Common Criteria is supposed to fix this problem
> by defining "Protection
> Profiles" that establish functional requirements for
> particular types of
> products. There are two firewall profiles already,
> with more on the way.
> The first two aren't much use to most firewall
> customers because the
> requirements are 'way too abstract. You could build
> all sorts of arcane
> devices that meet the criteria while remaining
> steadfastly useless for most
> security purposes. At least a hub is useful for
> something.
>
> Rick.
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com