Brian,
Adrian, is lacking in couth/class/tact that is for sure. Maybe he can;t
find that in /root/home/manners. He is the depiction of dangerous when
it comes to security. I really doubt that the level he plays on covers
anything important, after all, any security person knows that indeed
Checkpoint does suck. If you wake up in the morning and have to check the
CERT advisories on your product I wouldn't use it. I forget the number
of actual holes and snippets of code that would cause compromise, but the
Black Hat community tore it up nicely. Honestly if his consulting
company offered a Checkpoint solution I would think about how valuable my
solution would be compared to the actual cost of my data and the time I
would need to find another job after the SAN and all Raids were wiped, and
I was facing legal incriminations from an invalidated contract stating I
would "secure" my clients Enterprise.
Maybe Adrian ought to start his own religion, no wait, someone already did
that. Wasn't it WANG or something like that?
Firing people because they don;t know software that is GNU/OpenSource is
ridiculous. Maybe they used HP Openview instead of nmap. What expert in
his right mind would have a FW do http load balancing? Sounds like
mister groovy security guy needs to take a few steps back and see how
stupid he sounds. Maybe we should give him a break. Sounds like he's
pissed cause he started 30k less than the gang of four and realized he was
duped into doing his bosses dirty work, that way if the former 4 sue the
company the boss is not to blame.
Come on Adrian, use a real mail address.
I started the flame on this one, didn't I ?
Thanks--
Kevin McCarty
Computer Sciences Corporation
Defense Sector
"Obstacles are those annoying little bumps that occur when you take your
eyes off your goals"
Henry Ford
"Brian T. Albert"
Sent by: nobody
12/09/2002 03:37 PM
Please respond to "Brian T. Albert"
To: "adrian jones" , "elping" ,
"Louis Young" , ,
cc: "Chuck Church"
Subject: RE: Hello (long response)
Sounds like your boss should be doing the house cleaning and not you.
Instead of firing 4 CCIEs, maybe because your God's gift to networking you
should mentor, train, and teach instead of strut around with your nose up
in
the air.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
adrian jones
Sent: Monday, December 09, 2002 3:17 PM
To: elping; Louis Young; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: Chuck Church; Security
Subject: Re: Hello (long response)
Elping,
Please do NOT make any statements regarding CheckPoint Firewall without
knowing all the facts. I've been working with both Checkpoint and Pix
firewalls. I
even build a few "franken" pix firewalls so that I can learn as much as I
can about
Cisco Pix firewalls. The "franken" pix firewall actually help me landed
my
current job
that pays 100k/year. Both CheckPoint and Pix firewalls have its strength
and
weaknesses. I agree that Cisco TAC is much superior than CheckPoint
support.
The "no text configuration" that you refer to in CheckPoint, you must be
refered to
running CheckPoint on Winblows platforms. NEVER RUN FIREWALL ON A
GENERAL PURPOSE OPERATING SYSTEM. If you worry about cost, check out
CheckPoint SecurePlatform. If you are "unix" literate, does the term
"tcpdump"
mean anything to you? That's how you troubleshoot my friend.
Now if you are talking about cost, Cisco Pix will beat CheckPoint by a
long
shot in
term of performance for your $. However, for a small/medium business,
Checkpoint
does come with a lot of features such as URL filtering (native), http load
balancing,
etc which Pix doesn't have (without 3rd party products). For enterprise
environment,
CheckPoint does come with ClusterXL (aka, load-sharing or Active/Active
Firewall),
which again, Pix doesn't support. Last but not least, CheckPoint does
have
a very nice Management piece called "provider-1" that Cisco Pix doesn't
have.
I do have to say that the price for CP products is totally "outrageous";
however, CP
is a good product.
In terms of hardware product, you can run CheckPoint on Nokia Platforms
which is
very stable and proven product. New version of Nokia firewalls do come
with
Flash instead of hard-drive so that the reliability is very high. Nokia
is
a big partner
with CP. You can get CP support if you purchase Nokia firewalls from
Nokia.
Nokia
TAC is just as good as Cisco TAC.
I've completed my first week at my new job as a Security Engineer and I am
amazed
at the # of Cisco Certified folks at my company that are completely
incompetent and
downright clueless at what they can do. We are a consulting company and
being in
the consulting business, you are forced to know pretty much about
everything.
I have a couple of CCIEs in the office came to me and ask me how to
restart
sendmail and postfix (we are a linux shop) in linux. Another CCIE asked
me
how to
use "nmap" in unix. The last one is down right funny, one CCIE asked how
to
start
Apache in Solaris. It just seems to me like R&S are all they know and
nothing else.
We also do R&S here but at these times, demands for those have not been
that
great. Therefore, we have to branch into other things such as Security
(PIX,
CheckPoint, Wireless, IDS, etc...)
I brought these issues to my boss attention last wednesday and on thursay
he
ordered me to 'clean' house. The first thing I did was to send "pink"
slips
to all
4 CCIEs in the group and told them that they are fired because they don't
know
anything other than R&S. They were making $130k/year and sucking almost
all
of
our budget.
My advice to everyone out there is to keeping learning other things in
addition to
the R&S. The market for CCIEs is not as good as it used to be. You
better
know
other things especially Unix and Firewalls than just merely R&S. There
will
be lot
of good peopel competing for the same jobs and the only way you can show
the
potential employers that you are better than the other guy is by showing
them that
you know other things not just R&S.
Just my .02c.
Adrian
elping wrote:
I work with the checpoint firewall ...and let me tell you they are gui
based
and very
easy to coinfigure...but do they suck.....ther is no text configuration .
the debugging
sucks...and most of the times i have called checpoint for support ..i have
done everything by the book...and
they suggest reboot ....sucks ..
98 perfecnt of the time they suggest to stop the engine and restart it ..
anyways i think anything that has a hardrive sucks ...
i predict they (checkpoint) will die soon if they do not come out with a
hardware product.......
Louis Young wrote:
> if the topic of security comes,not actually only one vendor of cisco
systems,there are many other options.
> netscreen,checkpoint,etc.
> why stick with cisco,just coz it is stronger?I don't think so :)
>
> ----- Original Message -----
> From: "Chuck Church"
> To: "Louis Young" ; "Security"
> Sent: Sunday, December 08, 2002 11:22 PM
> Subject: Re: Hello
>
> > Couple reasons actually. I've worked with PIXs and VPN in the past,
and
> > would like to really become stronger in the technology, especially the
IDS
> > and AAA stuff. The R&S hasn't been the 'pot of gold' that it once was,
so
> > I'm still under-employed (only working part time) currently. So
between
> > wanting to further my skills and having the available time to do it,
here I
> > am!
> >
> > Thanks,
> >
> > Chuck Church
> > CCIE #8776, MCNE, MCSE
> >
> >
> > ----- Original Message -----
> > From: "Louis Young"
> > To: "Chuck Church" ; "Security"
> >
> > Sent: Sunday, December 08, 2002 9:53 AM
> > Subject: Re: Hello
> >
> >
> > > Hi,having seen your active behavior in R/S list for a long time :)
> > > why think about security?
> > >
> > >
> > >
> > > Regards,
> > > Louis
> > >
> > > ----- Original Message -----
> > > From: "Chuck Church"
> > > To: "Security"
> > > Sent: Sunday, December 08, 2002 12:17 PM
> > > Subject: Hello
> > >
> > >
> > > > All,
> > > >
> > > > I just thought I'd introduce myself. I'm thinking pretty hard
about
> > > > going for the CCIE Security. My current CCIE is R&S. Haven't seen
any
> > > > messages since I joined yesterday, just wondering if there's many
people
> > on
> > > > this list.
> > > >
> > > > Thanks,
> > > >
> > > > Chuck Church
> > > > CCIE #8776, MCNE, MCSE
---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58843&t=58843
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
