Firewall Wizards: Re: FW appliance comparison - Seeking input for the forum

[nick leachman <nleachman () gmail com>]

On 1/25/06, Paul Melson <pmelson () gmail com> wrote:
> -----Original Message-----
> Subject: Re: [fw-wiz] FW appliance comparison - Seeking input for the forum
>
> > Though i think people who buy Checkpoint stuff are somehow
> non-representative (i think if one tried that with, say, Cyberguard,
> > we'd see completely different picture) the results are still scary. Damn
> scary. That means 80% firewalls could be thrown off with
> > no further harm to security.
> I'd agree that choosing a different product customer set would probably
> yield different results, but I'm not sure that Check Point is going to be
> worse than others.  In fact, experience tells me that the small/medium IT
> shops out there that still have their NetScreen-10 or their PIX 510 with the
> same rule set and software on it for 3+ years are even more likely to have
> flawed configs.
I think it would be interesting to know what type of group of was
responsible for managing the firewalls in the study. I am moving an
account off of a Checkpoint being managed by a services organization
onto a PIX platform (no intent to start a vendor war) - and I have
been surpised by the permissiveness, and redundancy, in the "managed"
ruleset. The managed set broke two of the major rules in the
documented in the paper - and possibly a third if I had it on front of
me.

Of course this takes a new tangent; but it would be an interesting study.

Nick
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards