Just because there is a mouse in the cookie jar, doesn't make it a mouse.
It not a matter of implementation, it's a matter of design and verification.
A basic design principle for security is that the
security mechanism must be small enough that it can be verified for proper
functionality. If the FW manufacture has build their
kernel with this principle in mind and has not made calls to DLLs that they
cannot verify for function because they do not have
the source and do not have control over changes to that code, THEN it is
likely that it will function well provided they can also
find way to mitigate the other issues brought up.
If I read your comments correctly, then a window with a lock that anyone can
open with a pocket knife is a successful security implementation as long as
no one breaks into it.
> -----Original Message-----
> From: Brian Steele [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, June 02, 1999 5:05 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Why not NT?
>
> What's so funny about this whole thread is these guys ranting and raving
> about NT being not suitable for Firewall work, but many companies are
> happily, and successfully, employing NT Firewalls anyway.
>
> Perhaps what they should really be asking is what do those companies know
> about employing an NT-based system that they don't.
>
> Ignorance is not knowing.
> Stupidity is the active pursuit of ignorance.
>
> Brian Steele
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
