Firewall Wizards mailing list archives
RE: Evaluating Firewall
From: "Ben Nagy" <ben () iagu net>
Date: Tue, 27 May 2003 15:57:20 +0200
-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Ruud Kenbeek
Sent: Tuesday, May 27, 2003 2:42 PM
To: firewall-wizards () honor icsalabs com
Cc: vineet () linux com kw

Hello Vineet,

With all respect to the people who reacted previously, I think you should evaluate a firewall on three major points:

1) Security
2) Security and
3) Security

All other points mentioned by yourself and others are secondary to this. I can build you a perfect firewall that's manageable, speedy, etc, but if it's not secure you've got nothing.

Y'know, I really can't believe that anyone still thinks like this.

Back in the Day, to name some names, I was convinced that Cyberguard was a more secure firewall than the last iteration of Gauntlet, which was more secure than FW-1. Yet, for many clients, I recommended FW-1 and I still believe I was absolutely right to do it, for many reasons. [1]

Security in the Real World, 101:

1. Security and Usability are natural enemies. Most companies want a mixture of both.
2. If you can't summarise your security architecture on a napkin, it's not working.
3. The real trick is being secure enough. Past that point you're losing money.
(3a. The real _real_ trick is knowing at what point you _are_ secure enough.)

Oh I could go on like this for hours - it'll be like the Rules of Acquisition....

4. You can't fix HR problems with software.
5. Forget the fancy new firewall, patch your damn webservers!
6. 95% of crypto solutions are a waste of money.
7. Users trying to do their jobs have superhuman powers in terms of bypassing security systems.
8. Nobody can sell you "Security". You need to do some work yourself. Sorry.
9. [...]

Must. Stop. Now....

ben

[1] Gauntlet was slow, buggy and used Sendmail, xntpd and Bind. Cyberguard used a MAC OS. FW-1 monkeys were common as dirt.