Firewall Wizards mailing list archives
RE: GXD vs. SPF
From: Frederick M Avolio <fred () avolio com>
Date: Wed, 30 Sep 1998 10:14:18 -0400
At 09:56 AM 9/30/98 -0400, Paul D. Robertson wrote:
The worst thing I see about this model is that it doesn't reliably give you an index to how much protection you're getting from the firewall.
Of course not. However a larger and larger percentage of firewall customers are caring less and less about such things. Just yesterday on this, the other list, or the newsgroup (life's a blur) someone was trying to decide on Brand A or Brand B firewall. Security was not mentioned, not because the company doesn't care, but I think because it is assumed: well, these are the #1 and #2 companies so they must be good. And hey, Brand A supports over 300 services through their firewall! You've correctly distilled things back down to the two paradigms: That which is not expressly (expressly mind you) permitted is prohibited. That which is not expressly prohibited is permitted. This tension will continue to go on for years. It is an identical struggle to one in Christiandom regarding worship and the regulative principal. Does God tell us what to do in worshiping him and how much can we deviate from it, or does he just tell us what not to do and anything else is fine. In the market the "what is not prohibited is permitted" crowd wins because it seems that is what most people in practice want. It is not secure. It is not safe. (Just recall what happened to Aaron's sons Nadab and Abihu as chronicled in Leviticus 10.) Fred
Current thread:
- RE: GXD vs. SPF Paul D. Robertson (Oct 01)
- RE: GXD vs. SPF Frederick M Avolio (Oct 01)
- <Possible follow-ups>
- RE: GXD vs. SPF Hines Dennis (Oct 02)
- Re: GXD vs. SPF Joseph S. D. Yao (Oct 05)
- RE: GXD vs. SPF Paul D. Robertson (Oct 05)