Firewall Wizards mailing list archives

Re: How to Save The World (was: Antivirus vendor conspiracy theories)


From: "Marcus J. Ranum" <mjr () ranum com>
Date: Wed, 08 Dec 2004 21:57:57 -0500

Devdas Bhagat ruthlessly trolls for rants with this bait:
> Then users need to accept a small bit of slowing down as the cost of
> security.

That is just so much boolah and we all know it.

"Performance" is the first money-wrench that users
reach for when they are trying to come up with an
excuse to blockade security. I have yet to run into
an instance where someone who has complained
about "poor performance" has ever backed it up
with measurements. (Except for the instances
where performance was *zero* because someone
unplugged a firewall, or put a "block all" rule in
place)  I've seen cases where users didn't realize
they were behind one of those "slow" proxy firewalls
until someone told them. Then, of course, it was
"too slow" and had to be taken out. 

That's not to say that various security implementations
don't have some kind of performance impact! I'm sure
that they do. What honks me off, however, is that
the performance argument is widely accepted in
spite of the fact that it's never measured. In the
absence of measures, one might as well use
feng shui or dowsing as a means of designing one's
network - it's just as scientific.

"You must install a proxy firewall this week;
the moon is in the 3rd house and the
router is ascendant. That means that since
our T1 goes north-south we need to
sacrifice 3 black roosters to keep the
hackers out."

mjr. 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

