Kriss,
I guess you are new to this forum.
Other comments in line.
>From: Kriss Andsten <[EMAIL PROTECTED]>
>Subject: Re: Hardware Firewalls
>
>On Sun, 3 Dec 2000, Brian Ford wrote:
>
> > Thanks for the humor Kriss.
>
>Aim to please. Thanks for the ads by the way. You'd be surprised how much
>we all appreciate sales pitch a few times a day. It's nice to see someone
>bold enough to beat their own drum for once too - I mean, hell.. when you
>never see product users recommending it, someone obviously has to do it!
Almost funny. Actually, we have a variety of methods our customers use to obtain
support.
> > I think the point that Kriss has missed is the integrity of the
> > operating system that is running on the "standard ole' Intel machine".
> > Purpose built firewall appliances, like the Cisco PIX run a
> > proprietary operating system. That means that it is a couple of
> > degrees harder for all those script kiddies out there to find and
> > exploit a vulnerability in these firewall appliances.
>
>Ayep, security through obscurity is a well known and highly respected
>paradigm. Quite correctly, Cisco is one of the market leaders in this
>department.
I guess you read Ben's note. Well done. Have you heard any other good ideas lately?
>Lets not forget that the machine the pix software is bundled with is also
>very cost effective. You'd be surprised how much a 1U rackmount machine
>costs. A BLUE one, at that.. wow. Cisco cant be making much of a cut on
>those.
If you are concerned with how prices are set I'd suggest studying marketing. I hear
they cover that in a couple of those courses.
Most folks realize that you make a buying decision you pay for a product and support.
Support that went into it before you bought it and support that will come after.
> > Now, if you were to purchase a product from Cisco we are very open,
> > honest, and forthright about any vulnerability that is discovered and
> > reported (in many forums). <snip>
>
>Sarcasm aside, I can but agree firewalls using some OS with the sole
>intent of acting firewall is good. I still say 'hardware firewall' is a
>bit of a misnomer - show me one with FPGAs and I'll be happy though ;-)
>
>Personally, I'd be more interested in using stuff by the people who dig up
>the problems, not the ones running behind.
> I'm yet to see (which doesnt
>mean it doesnt exist, though) Cisco come up with something -new- in the
>security department. The sales pitch mentiones how the pix is 'easy to
>install'.. argh. Come on.
You really should try to get out more often. We haven't spoken about ease of install
in years.
I guess you hadn't heard but many of the internetworking devices on the Internet were
actually manufactured and are supported by Cisco Systems. We have been in business
for over ten years. We've also built a number of other pretty large private networks.
Many of them use the PIX (as well as our other security products). We've integrated
many security features into an entire internetworking product line.
But perhaps most importantly, we support our customers. We provide a complete
solution and when someone has a problem we invite them to contact us. They can call
us any time; day or night. That's one call. to one vendor rather than two or three
vendors who don't work together). Anywhere in the world. In languages other than
English. And we offer a variety of other support mechanisms via the Internet. And
when we endorse a product that adds value to one of ours we fully test that product
and hold it's manufacturer up to our support standards.
And we have a FAQ too!
We have a whole family of security products, why don't you look at the web site,
http://www.cisco.com/go/security
>Check out Enternet firewall (and the company in general). Their sales
>pitch is 'good security is a pain' and 'a firewall isnt a magic little
>decive that makes you secure'. Their idea is nice, their approach frank.
>Their pricing realistic. They -dig up- the vulnerabilities (Hi Mike) And
>they dont sell blue boxes.
Great! "good security is a pain"! Security is too hard for just anyone to understand.
You need a specialized guy (like you) to figure out all the big, bad security stuff.
Gee, and you subscribe to all those special mailing lists that other people don't know
about. Right?
Their price may be realistic given what they provide. What about support? I suppose
they have someone who regularly answers e-mail. Maybe a local phone number? Maybe a
FAQ?
That's good. They "dig up vulnerabilities". But do they solve customers problems?
> > Info about the Cisco PIX is here http://www.cisco.com/go/pix.
>
> > Regards,
> >
> > Brian
>
>A tad sarcastic but otherwise fine,
No, you were just off base.
>Kriss
Brian
Brian Ford
[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
