Firewall Wizards mailing list archives
Re: [fwd] Firewall Products: Many Not Ready For Prime Time,
From: Christopher Nicholls <chrisn () softway com au>
Date: Thu, 02 Apr 1998 06:57:59 +1000
At 10:39 1/04/98 -0500, Jody Patilla wrote:
I think the real problem is in the way the typical MIS manager seems to view firewalls: one silver bullet that you buy, drop it in place, and life is good. I realize not everyone is so naive, but in trying to wear a consultant's hat for the first part of this year, I've come to learn some _really_ scary things about the Real World.I refer to this as the Mojo Bag Theory of Firewall Purchase. The idea is that you buy one and just having it keeps away the evil eye. :-) (Burning incense in front of the firewall may or may not be a "best practice", depending on the particular shaman, er, consultant, that you call in to do the eval.)
I couldn't agree more. Further, I think one of the most alarming trends developing is the movement towards "shrink-wrap firewalls" - buy now pay later! If ever there was an item not to be bought off-the-shelf, it's security. Maybe one day we will be able to use self configuring f/w "..yessiree, just plug in your security policy here Mr Customer... you don't have one? Never mind - use our default virtual policy!". Sounds a bit like the beginnings of a very interesting 1 April prank... But how do you convince the MIS Manager that 1) this is ot a good approach, 2) you (the consultant) are not just holding the high intelectual ground to prevent them from such implementations and 3) IT security is not talismans and incense? A firewall is not a means unto itself - it is only the proverbial tip of the (security) iceberg. Regards, Christopher ----------------------------------------------------------------------------- Christopher Nicholls chrisn () dynamite com au ~~~~~~~ chrisn () softway com au ----------------------------------------------------------------------------- m: 0411 454755 w: +61 2 6243 4834 h: +61 2 6241 2112 wf: +61 2 6243 4848 hf: +61 2 6241 8926 ---------------------------------------------------------------------------- -
Current thread:
- Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Study Says C Matthew Curtin (Apr 01)
- Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Study Says Adam Shostack (Apr 01)
- Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Study Says Marcus J. Ranum (Apr 01)
- Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Jody Patilla (Apr 01)
- Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Christopher Nicholls (Apr 01)
- Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Adam Shostack (Apr 01)
- Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Christopher Nicholls (Apr 01)
- Re: [fwd] Firewall Products: Many Not Ready For Prime Time, David Bonn (Apr 02)
- Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Christopher Nicholls (Apr 01)
- Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Christopher Nicholls (Apr 01)
- Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Study Says Adam Shostack (Apr 01)
- Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Rick Smith (Apr 01)
- Re: [fwd] Firewall Products: Many Not Ready For Prime Time, Study Says -= ArkanoiD =- (Apr 02)