Firewall Wizards mailing list archives
Re: FW appliance comparison - Seeking input for the forum
From: ArkanoiD <ark () eltex net>
Date: Thu, 26 Jan 2006 02:17:42 +0300
Sure nothing is wrong with pretty GUI. Obscure configuration and implicit rules making it hard to understand exactly what firewall does in this and that case is bad. GUI should be simple and straightforward, not just pretty. If it is pretty, given it is designed the right way, it is even better ;-) On Wed, Jan 25, 2006 at 06:03:41PM -0500, Anton Chuvakin wrote:
Though i think people who buy Checkpoint stuff are somehow non-representative (i think if one tried that with, say, Cyberguard, we'd see completely different picture) the results are still scary. Damn scary. That means 80% firewalls could be thrown off with no further harm to security.I've been meaning to stay away from this fun, but [by far] too bigoted discussion, but this spiked my curiosity. What't wrong with Checkpoint [in this context]? I have a sneaking suspicion that its the pretty GUI. Am I correct? However, I suspect that a "pretty GUI" is a reasons the results for Cybergard (or, iptables, for that matter) will be way more horrendous. A well-designed and intuitive rule UI will likely work to reduce the errors made by the admins thus, indirectly, incresing security and the value of a firewall. On a related note, I was shocked when I've heard that some org was choosing an anti-virus (from all things!) based on its management UI intuitiveness, but it does make sense on some level: bad UI -> admins hate the product -> its not used / not configured right -> security suffers. Thus, "pretty UI" = "higher security" :-) Fight on! :-) Best, -- Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA http://www.chuvakin.org http://www.securitywarrior.com
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: FW appliance comparison - Seeking input for the forum Paul Melson (Feb 01)
- Re: FW appliance comparison - Seeking input for the forum nick leachman (Feb 02)
- RE: FW appliance comparison - Seeking input for the forum Paul Melson (Feb 02)
- RE: FW appliance comparison - Seeking input for the forum Paul Robertson (Feb 02)
- RE: FW appliance comparison - Seeking input for the forum R. DuFresne (Feb 02)
- RE: FW appliance comparison - Seeking input for the forum Paul Melson (Feb 02)
- Re: FW appliance comparison - Seeking input for the forum Dave Piscitello (Feb 02)
- Re: FW appliance comparison - Seeking input for the forum R. DuFresne (Feb 02)
- <Possible follow-ups>
- Re: FW appliance comparison - Seeking input for the forum R. DuFresne (Feb 01)
- Re: FW appliance comparison - Seeking input for the forum Devdas Bhagat (Feb 07)
- Re: FW appliance comparison - Seeking input for the forum ArkanoiD (Feb 02)
- Re: FW appliance comparison - Seeking input for the forum nick leachman (Feb 02)