Ryan Reynolds wrote:
>
> Mikael:
>
> I agree wholeheartedly with you, but I think the reason is that the
> security of a firewall is taken for granted. Nobody asks "How secure is
> FW-1/Gauntlet/Sidewinder/etc.", they just assume that the products are
> completely secure.
>
> I have recently been perusing the archives for this maillist (circa
> 1995-1996), and this topic came up in a few posts then. I believe mjr
> said something along the lines of: It's not the firewall you need to
> worry about, it's the administrator/policy/boneheaded mistakes you need
> to worry about.
Well, that's not exactly correct. if the firewall sits on top of an OS
you have to worry about the security of the OS. If it implements it's
own IP stack (as many NT firewalls do since NT's IP Stack is hooey), you
have to worry about the stability/security of their stack. If the
firewall includes extra software, like filtering software, you have to
be concerned about how secure it is.
It isn't simply a matter of buying whatever you want as long as you can
do a good job administering it. As my Grandpa always said: "You can't
make a silk purse out of a sow's ear". And as Grandma always says "
Heads that don't listen, feel".
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
