Firewall Wizards mailing list archives
Re: Cisco PIX bug, discussions (lenghty)
From: Travis Low <tlow () mindq com>
Date: Wed, 26 Aug 1998 09:34:30 -0400
At 09:58 AM 8/25/98 -0700, Ryan Russell wrote:
If I may also make a sweeping statement: Performance isn't relevant to security applications. I.e. you can't say "it will hurt performance, so we'll leave out some security." If that were a consideration, we wouldn't use firewalls. Realistically, that means that if it's too slow we buy bigger boxes or suffer along at a slower pace.
End users don't like to suffer. If performance is lousy, they will try to circumvent security procedures in order to get Real Work done. Thus, security policy implementations need to take human impatience into account. It follows that performance is relevant to security. Real life example: Company allows zero incoming TCP connections, so users secretly buy and install modems. Travis -------------------------------------------------------------------- Travis Low MindQ Publishing tlow () mindq com 11490 Commerce Park Drive #400 +1 703 262 6616 (vox) Reston VA 20191-1532 USA +1 703 716 0237 (fax) http://www.mindq.com -------------------------------------------------------------------- "What are you eating? Are you a rubbermint?" -- Tiernan Low
Current thread:
- Re: Cisco PIX bug, discussions (lenghty), (continued)
- Re: Cisco PIX bug, discussions (lenghty) Eric Vyncke (Aug 25)
- Re: Cisco PIX bug, discussions (lenghty) Robert Stahlbrand (Aug 27)
- Re: Cisco PIX bug, discussions (lenghty) Kevin Steves (Aug 28)
- Re: Cisco PIX bug, discussions (lenghty) Eric Vyncke (Aug 25)
- Re: Cisco PIX bug, discussions (lengthy) Frank Willoughby (Aug 26)
- Re: Cisco PIX bug, discussions (lenghty) Euan (Aug 26)
- Re: Cisco PIX bug, discussions (lenghty) Aleph One (Aug 27)
- Re: Cisco PIX bug, discussions (lenghty) Robert Stahlbrand (Aug 27)
- Message not available
- Re: Cisco PIX bug, discussions (lenghty) Eric Vyncke (Aug 28)
- Re: Cisco PIX bug, discussions (lenghty) Joseph S. D. Yao (Aug 26)
- Re: performance vs. security (was Cisco PIX ...) (NetQuest) Borkin, Michael (Aug 30)
- Re: Cisco PIX bug, discussions (lenghty) Robert Stahlbrand (Aug 27)
- Re: Cisco PIX bug, discussions (lenghty) Aleph One (Aug 28)