Re: Firewall rules order and performance

[Jean-Denis Gorin <jdgorin () computer org>]

Selon "Marcus J. Ranum" <mjr () ranum com>:
> It always seemed to me that a lot of the "system design"
> of firewalls was "let's put our head between our knees and
> hope Moore's law or marketing takes care of it for us."

You should mean "system design of software", not only of firewalls (or whatever
kind of security software...), and "let's put our head between our knees and
hope Moore's law or marketing takes care of it for us. Else, we will deliver
some patches." :-(

And more than 10 years of that state of mind for software engineering resulted
in having pathes as the ultimate solution for all problems!
Who remember that firewalls (as application gateways) was designed to solve (or
to ease a lot) the patch management problem?
Now, we are back to patch management as the solution for all problems because
dumb people (managers, marketers, buyers, system admins, network admins,
developers, or whatever fit your situation) are unable (or unwilling) to
understand what is a firewall, and what is it due for...

JDG
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards