Firewall Wizards mailing list archives
Re: Firewall administration and thoughts cont.
From: Darren Reed <darrenr () cyber com au>
Date: Wed, 8 Oct 1997 09:37:08 +1000 (EST)
In some mail I received from Anton J Aylward, sie wrote [...]
The GUI is there to pay homage to the myth that GUIs are "user friendly'. They may be 'friendly' from the point of view of the marketeer WRT uninformed management. They are not friendly to me. They are not friendly to some technically aware managers I do deal with ("why won't it let me see.....?") In particular they hide important information.
Compare FW-1's GUI with attempting to read the Inspect language. IMHO, the inspect language is full of fluff (you shoudn't be setting colors for icons in your firewall config!).
I've recently battled with a firewall which has no alternative to the GUI.
Poorly designed product. [...]
When the computer knows more about what's going on, use a MENU. When the user knows more about what's going on use a COMMAND LINE.
This is 'firewall-wizards'. Not 'firewall-for-idiots' (although there is probably a book of that title by now). If the menu can offer me a "do 90% of the work for policy #27 out of the selection" them give me a command line to do the extra bits, fine, I'll take the GUI. I see this approach in the AUDIT tools from companies like AXENT (which I strongly recommend!!) I hope to see it in firewall configurators.
Which actual products are these ? Last time I looked at them, Tripwire was still far superior (Axent was still using checksums vs. a plethora of non-trivial hashes in Tripwire). They were also slow to use and awkward if you had a large number of changes to make. That and getting shipped a CD-ROM with a `core' file and gdb didn't exactly do a lot for my confidence in it (ESM). Maybe they're a bit better now ? Then there are the standard doubts about it (ESM) with their proprietary `scrambling' between master and agents (i.e. not 3-DES, etc).
Current thread:
- Re: Firewall administration and thoughts cont. Anton J Aylward (Oct 07)
- Re: Firewall administration and thoughts cont. Marcus J. Ranum (Oct 07)
- Re: Firewall administration and thoughts cont. Darren Reed (Oct 09)