On Sun, 3 Dec 2000, Brian Ford wrote:
> Thanks for the humor Kriss.
Aim to please. Thanks for the ads by the way. You'd be surprised how much
we all appreciate a sales pitch a few times a day. It's nice to see someone
bold enough to beat their own drum for once too - I mean, hell.. when you
never see product users recommending it, someone obviously has to do it!
> I think the point that Kriss has missed is the integrity of the
> operating system that is running on the "standard ole' Intel machine".
> Purpose built firewall appliances, like the Cisco PIX run a
> proprietary operating system. That means that it is a couple of
> degrees harder for all those script kiddies out there to find and
> exploit a vulnerability in these firewall appliances.
Ayep, security through obscurity is a well known and highly respected
paradigm. Quite correctly, Cisco is one of the market leaders in this
department.
Let's not forget that the machine the pix software is bundled with is also
very cost effective. You'd be surprised how much a 1U rackmount machine
costs. A BLUE one, at that.. wow. Cisco can't be making much of a cut on
those.
> Now, if you were to purchase a product from Cisco we are very open,
> honest, and forthright about any vulnerability that is discovered and
> reported (in many forums). <snip>
Sarcasm aside, I can but agree firewalls using some OS with the sole
intent of acting as a firewall is good. I still say 'hardware firewall' is a
bit of a misnomer - show me one with FPGAs and I'll be happy though ;-)
Personally, I'd be more interested in using stuff by the people who dig up
the problems, not the ones running behind. I'm yet to see (which doesn't
mean it doesn't exist, though) Cisco come up with something -new- in the
security department. The sales pitch mentions how the pix is 'easy to
install'.. argh. Come on.
Check out Enternet firewall (and the company in general). Their sales
pitch is 'good security is a pain' and 'a firewall isn't a magic little
device that makes you secure'. Their idea is nice, their approach frank.
Their pricing realistic. They -dig up- the vulnerabilities (Hi Mike). And
they don't sell blue boxes.
> Info about the Cisco PIX is here http://www.cisco.com/go/pix.
Enternet is at http://www.enternet.se/
> Regards,
>
> Brian
A tad sarcastic but otherwise fine,
Kriss