Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Proxy 2.0 secure?

From: tqbf () pobox com
Date: Thu, 25 Jun 1998 02:42:44 -0500 (CDT)
Bill, please have a look at:

        http://www.data.com/lab_tests/ntfirewalls.html


Please do not cite obviously flawed test results as evidence of the
superiority (or contender status) of NT firewall packages. This article
states that the test methodology for this article consisted entirely of
running ISS (a network security scanner) against the subject firewalls.

Exactly how does running a security scanner designed to detect holes on
networked general-purpose computers demonstrate the security of a
firewall? It doesn't. This article doesn't review the the various network
access-control methodologies employed by the firewall platforms (indeed,
it compares proxy server firewalls directly to stateful packet filters
without even describing what this means).

This article was written with the assumption that it's readers do not
think critically about test results. 

Please note that I work for a competitor of ISS. I would be just as leery
of running Ballista (my team's product) against Firewall-1 or SideWinder;
real firewall testing requires more skill than the ability to click the
"start scan" button in a user interface.

-----------------------------------------------------------------------------
Thomas H. Ptacek          The Company Formerly Known As Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.pobox.com/~tqbf       "If you're so special, why aren't you dead?"
Previous By Date Next
Previous By Thread Next

Current thread: