Firewall Wizards mailing list archives
Re: Leader in firewall product
From: Magosányi Árpád <mag () bunuel tii matav hu>
Date: Mon, 18 Sep 2000 10:27:35 +0200
My mail client thinks that LULLIER Thomas wrote the following:
[]
In decreasing order of secureness:
-Dragonfly
Dragonfly is a guard. It does Mandatory Access Control, evaluated at EAL3 level, as far as I can remember. You can create a very strictly secure enclave using a public network with it. It is very good in a rapidly changing tactical environment. It is designed to be used in wartime conditions.
-Zorp
Zorp is a real application-level firewall. Example: While other firewalls can control some 5-6 aspects of an FTP session, it can control every little detail. It is also highly modular, which means it can handle protocol-wrapped-in-another situations effectively. It also has some guard-like features. It is in an early state, but aims to be EAL3, and CC evaluated against some LSPP-like PP. And its authentication system is just a major hit.
-Cyberguard
Cyberguard runs on trusted unixware. That means it has good host security. Maybe its proxies are not as good as the others, I haven't the time to play too much with it. (So you can put it below Gauntlet if you like).
-Borderware
Borderware is just a hardened Gauntlet running on a hardened BSD. (Okay, maybe it isn't Gauntlet, but the feeling is the same.) It has an ST which claims it to be EAL4, but I cannot imagine how that ST could have got evaluated (not big issues, but I had some formal problems with it). It seems really a secure one for the old-type internet firewall usage, I say it from experience. But do not hit it with big traffic.
-Gauntlet
Yeah, Gauntlet is Gauntlet. The standard internet firewall, designed by MJR himself. It is among the most robust firewalls. It is a very good one while you are using it for what it is designed. But there are some major problems with it recently: Problem #1 is NAI. You might be in a roughly safe position when only your local firewall distributor knows nothing about firewalls. The situation is a lot worse when the product owner does the same. Well, shiny buttons are very important, but not for a firewall. Problem #2 is that Gauntlet is an internet firewall. Try to use it as a key building block for your intranet security, and you will understand.
Eh? Gauntlet is less secure than everything mentioned so far?
It depends on what your main concerns of security are, of course. My main concerns are MAC and EAL in this order, because I am interested in intranet network security.
Would you be so kind as to explain exactly why you feel this to be the case? IIRC: once-upon-a-time, Gauntlet was regarded by many as being the *most* robust of firewall products, security-wise. (I'm talking about 'nix versions. I care not a whit for or about NT.)
Please do not misunderstand me. Gauntlet IS a good internet firewall, if you don't expect too much from it.
--
GNU GPL: only from a clean source
_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards