Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

Re: FW appliance comparison - Seeking input for the forum
From: nick leachman <nleachman () gmail com>
Date: Wed, 1 Feb 2006 09:13:27 -0500

On 1/25/06, Paul Melson <pmelson () gmail com> wrote:
-----Original Message-----
Subject: Re: [fw-wiz] FW appliance comparison - Seeking input for the forum

Though i think people who buy Checkpoint stuff are somehow
non-representative (i think if one tried that with, say, Cyberguard,
we'd see completely different picture) the results are still scary. Damn
scary. That means 80% firewalls could be thrown off with
no further harm to security.

I'd agree that choosing a different product customer set would probably
yield different results, but I'm not sure that Check Point is going to be
worse than others.  In fact, experience tells me that the small/medium IT
shops out there that still have their NetScreen-10 or their PIX 510 with the
same rule set and software on it for 3+ years are even more likely to have
flawed configs.

I think it would be interesting to know what type of group of was
responsible for managing the firewalls in the study. I am moving an
account off of a Checkpoint being managed by a services organization
onto a PIX platform (no intent to start a vendor war) - and I have
been surpised by the permissiveness, and redundancy, in the "managed"
ruleset. The managed set broke two of the major rules in the
documented in the paper - and possibly a third if I had it on front of

Of course this takes a new tangent; but it would be an interesting study.

firewall-wizards mailing list
firewall-wizards () honor icsalabs com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]