Re: FW appliance comparison - Seeking input for the forum

[Anton Chuvakin <anton () chuvakin org>]

> Though i think people who buy Checkpoint stuff are somehow non-representative
> (i think if one tried that with, say, Cyberguard, we'd see completely
> different picture) the results are still scary. Damn scary. That means 80%
> firewalls could be thrown off with no further harm to security.

I've been meaning to stay away from this fun, but [by far] too bigoted
discussion, but this spiked my curiosity. What't wrong with Checkpoint
[in this context]? I have a sneaking suspicion that its the pretty
GUI. Am I correct?

However, I suspect that a "pretty GUI" is a reasons the results for
Cybergard (or, iptables, for that matter) will be way more horrendous.
A well-designed and intuitive rule UI will likely work to reduce the
errors made by the admins thus, indirectly, incresing security and the
value of a firewall.

On a related note, I was shocked when I've heard that some org was
choosing an anti-virus (from all things!) based on its management UI
intuitiveness, but it does make sense on some level: bad UI -> admins
hate the product -> its not used / not configured right -> security
suffers.

Thus, "pretty UI" = "higher security" :-)

Fight on! :-)

Best,
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA     http://www.chuvakin.org
http://www.securitywarrior.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards