Sure nothing is wrong with pretty GUI. Obscure configuration and implicit rules
making it hard to understand exactly what firewall does in this and that case
is bad. GUI should be simple and straightforward, not just pretty.
If it is pretty, given it is designed the right way, it is even better ;-)
On Wed, Jan 25, 2006 at 06:03:41PM -0500, Anton Chuvakin wrote:
> > Though i think people who buy Checkpoint stuff are somehow non-representative
> > (i think if one tried that with, say, Cyberguard, we'd see completely
> > different picture) the results are still scary. Damn scary. That means 80%
> > firewalls could be thrown off with no further harm to security.
>
> I've been meaning to stay away from this fun, but [by far] too bigoted
> discussion, but this spiked my curiosity. What't wrong with Checkpoint
> [in this context]? I have a sneaking suspicion that its the pretty
> GUI. Am I correct?
>
> However, I suspect that a "pretty GUI" is a reasons the results for
> Cybergard (or, iptables, for that matter) will be way more horrendous.
> A well-designed and intuitive rule UI will likely work to reduce the
> errors made by the admins thus, indirectly, incresing security and the
> value of a firewall.
>
> On a related note, I was shocked when I've heard that some org was
> choosing an anti-virus (from all things!) based on its management UI
> intuitiveness, but it does make sense on some level: bad UI -> admins
> hate the product -> its not used / not configured right -> security
> suffers.
>
> Thus, "pretty UI" = "higher security" :-)
>
> Fight on! :-)
>
> Best,
> --
> Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA http://www.chuvakin.org
> http://www.securitywarrior.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Feb 02 2006
Intro
