Firewall Wizards mailing list archives

Re: [fwd] Firewall Products: Many Not Ready For Prime Time,

From: Christopher Nicholls <chrisn () softway com au>
Date: Thu, 02 Apr 1998 06:57:59 +1000

At 10:39 1/04/98 -0500, Jody Patilla wrote:

I think the real problem is in the way the typical MIS manager seems
to view firewalls: one silver bullet that you buy, drop it in place,
and life is good.  I realize not everyone is so naive, but in trying
to wear a consultant's hat for the first part of this year, I've come
to learn some _really_ scary things about the Real World.


      I refer to this as the Mojo Bag Theory of Firewall Purchase. The
idea is that you buy one and just having it keeps away the evil eye. :-)
(Burning incense in front of the firewall may or may not be a "best
practice", depending on the particular shaman, er, consultant, that you
call in to do the eval.)


I couldn't agree more. Further, I think one of the most alarming trends
developing is the movement towards "shrink-wrap firewalls" - buy now pay
later! If ever there was an item not to be bought off-the-shelf, it's
security. Maybe one day we will be able to use self configuring f/w
"..yessiree, just plug in your security policy here Mr Customer... you
don't have one? Never mind - use our default virtual policy!". Sounds a bit
like the beginnings of a very interesting 1 April prank...

But how do you convince the MIS Manager that 1) this is ot a good approach,
2) you (the consultant) are not just holding the high intelectual ground to
prevent them from such implementations and 3) IT security is not talismans
and incense?

A firewall is not a means unto itself - it is only the proverbial tip of
the (security) iceberg.

Regards,

Christopher
-----------------------------------------------------------------------------
Christopher Nicholls
chrisn () dynamite com au   ~~~~~~~   chrisn () softway com au
-----------------------------------------------------------------------------
m:      0411 454755     
w:      +61 2 6243 4834 h:      +61 2 6241 2112
wf:     +61 2 6243 4848 hf:     +61 2 6241 8926
----------------------------------------------------------------------------
-

Current thread:

Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Study Says C Matthew Curtin (Apr 01)
- Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Study Says Adam Shostack (Apr 01)
  - Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Study Says Marcus J. Ranum (Apr 01)
- Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Jody Patilla (Apr 01)
  - Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Christopher Nicholls (Apr 01)
    - Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Adam Shostack (Apr 01)
    - Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Christopher Nicholls (Apr 01)
    - Re: [fwd] Firewall Products: Many Not Ready For Prime Time, David Bonn (Apr 02)
    - Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Christopher Nicholls (Apr 01)
  - Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Rick Smith (Apr 01)
- Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Study Says Rick Murphy (Apr 01)
- Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Study Says Rick Smith (Apr 01)
  - Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Study Says -= ArkanoiD =- (Apr 02)