Re: Nokia IP platform Versus Netscreen Platform

[Yang Lee <ylee () net50 com>]

> Are we advocating security-by-obscurity here?  Don't think for one
> minute that those who are interested in cracking Netscreen can't
> disassemble it and look for exploits.  I know nothing about NetScreen,
> but if what you say is true, you've just given a very good reason *not*
> to use NetScreen.


In my opinion, 'security-by-obscurity' is two-edge sword, with both merit 
and drawback. I'll consider to use this principle like every one in real 
life. But I'll keep an eye on it though.

The true is, technically speaking, it generally harder for a hardcore 
hacker (knowing how to code!) to find a OS level bug in a private OS. 
simply because he did not have the source code. (application bug may be 
other story).

The fact is there are bugs in ScreenOS. I remember a buffer overflow one 
related to its build in httpd daemon. But generaly, I'm impressed with its 
coding style (you can 'feel' it when you configure it) and the speed it 
evolved (around 1 year for its first screenOS release, as I can remember). 
Compared with Cisco software such as firewall manager... OH, boy!!

Netscreen is a serious choice. Go Netscreen!!


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards