Re: Firewall administration.

[Adam Shostack <adam () homeport org>]

So what should a small company do?  They don't have the skill in
house; probably can't find someone good to bring in as a consultant or
staff member, since the big players pay more.  So, should they not buy
a FW when connecting to the internet?  Even a badly done screening
router offers some protection.  (It also offers overmuch peace of
mind; but a good fitness for purpose warranty might fix that.)

Adam


Bennett Todd wrote:
|> It is a question of scale. The big firewall houses are marketing their wares
|> towards a small percentage of customers, when compared to the vast smaller
|> market that exists that cannot afford them.

| I think you have it backwards; the big firewall houses are divided into two
| categories; there are the old guard, selling proxy-based firewalls, who are
| selling to big companies who want the assurance they get from starting with a
|mature, well-tested system set up by experts and configured with their help to
|match the local security policy. The recent deluge of new brands are trying to
|market to people who have heard that a ``firewall'' is a good thing, and don't
|know how to shop for security, and so are shopping for convenience instead.
| 
| > Companies that produce products that are watered down versions or better
| > yet, full featured at lower, more realistic prices are going to find the
| > field ripe for the picking.
| 
| The fullest-featured firewall out there, with the most flexibility in
| accomodating policies from the least to the most strict, is free. The
| companies that are producing watered-down versions --- or boxes that try to
| add convience so you don't need to understand security to configure them ---
| aren't doing any service at all, to anyone except themselves:-(.
-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume