Firewall Wizards mailing list archives
Re: Firewall Primitives
From: Adam Shostack <adam () homeport org>
Date: Sat, 9 Nov 2002 12:02:00 -0500
On Wed, Nov 06, 2002 at 04:31:50PM -0500, Marcus J. Ranum wrote: | Older systems _were_ perfectly capable of doing checks for malicious | behavior. A few of them did, even the first proxy firewalls. The | reason firewalls don't do exhaustive checks has more to do with | market dynamics and time-to-market than it does with performance | issues in doing fast checks. Simply put: most customers would rather | buy something that says "gigabit" on the marketing glossies than | something that says "freakin' intensely secure" I may lose my curmudgeon card for this, but, I'll suggest that for almost all customers, thats the right choice. That's not to say that almost all customers prefer speed to security. However, speed claims are relatively easy to verify. Security claims are really hard to verify. Given that marketing can stamp "freakin' intensely secure" where they want, but that stamping 'gigabit' on something is falsifiable, everyone stamps "FIS," making it useless as a decision making criteria. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Firewall Primitives, (continued)
- Re: Firewall Primitives George Capehart (Nov 04)
- Re: Firewall Primitives Victoria of Borg (Nov 05)
- Re: Firewall Primitives Magosányi Árpád (Nov 05)
- Re: Firewall Primitives Crispin Cowan (Nov 05)
- Re: Firewall Primitives George Capehart (Nov 05)
- Re: Firewall Primitives Crispin Cowan (Nov 06)
- Re: Firewall Primitives Marcus J. Ranum (Nov 06)
- Re: Firewall Primitives Devdas Bhagat (Nov 06)
- Re: Firewall Primitives Marcus J. Ranum (Nov 06)
- Re: Firewall Primitives Devdas Bhagat (Nov 07)
- Re: Firewall Primitives Adam Shostack (Nov 09)
- BS claims (was Re: Firewall Primitives) Marcus J. Ranum (Nov 09)
- Re: Firewall Primitives Mikael Olsson (Nov 09)
- Re: Firewall Primitives Marcus J. Ranum (Nov 09)
- Re: Firewall Primitives Christopher Hicks (Nov 10)
- Re: Firewall Primitives Predrag Zivic (Nov 10)
- Re: Firewall Primitives Stephen P. Berry (Nov 11)
- Re: Firewall Primitives Cat Okita (Nov 11)