Firewall Wizards mailing list archives
Re: Firewall comparison
From: Matt Curtin <cmcurtin () interhack net>
Date: 02 Mar 1999 18:35:17 -0500
[This sounds harsh, but I don't mean to be abrasive to Matt or anyone else on the list. I have been becoming increasingly distressed at the decreasing mean level of technical expertise. This message is the one that finally pushed me over the edge. I intend to be harsh with vendors and the industry as a whole. Whether anyone individually falls into the category of needing the scolding is an exercise left to each reader. :-)]

Matt Lotz <MLotz () eaglesoft net> writes:

most firewall companies are more than willing to compare their firewall to others.

...in irrelevant ways and with nonsense data meant to play off of the inexperience of the audience. I mean, really, how else could everyone's firewall be "the best"?

How much can you really learn useful things about a commercial firewall like implementing relays in kernels vs. applications, pre-forking relays vs. firing them up on demand, the pros and cons of stateful packet filtering, resistance to various classes of attacks, the ability to cycle through a socket's states, open source code vs. proprietary design, etc.?

If we don't know the internals of our firewalls, if we don't understand what's *really* happening under the hood, if we're easily swayed by persuasive nontechnical arguments that use things like market share as some sort of feature, then we're not firewall-wizards, we're Information Technology Industry drones, and we ought not flatter ourselves with titles that include the word "engineer".

We'll need to talk to vendors, to be sure, but we'll need to talk to their engineers and ask hard questions. We'll need to talk to other vendors. We'll need to do our own comparisons. That kind of stuff takes time, but why in the world would anyone trust what one vendor says about someone else's product? Many vendors lie, or tell only part of the story to make themselves sound better, folks. (Or they have sales droids who spread misinformation by guessing incorrectly or otherwise not knowing.) They're not your friends. Don't trust them.

We need to do our own homework and trade notes with each other to make the decisions that work best for our own environments. Every organization is different, and no single set of criteria is going to be able to answer what's right for everyone, despite what almost any vendor will tell you.

--
Matt Curtin cmcurtin () interhack net http://www.interhack.net/people/cmcurtin/