mailing list archives
Re: FW appliance comparison - Seeking input for the forum
From: ArkanoiD <ark () eltex net>
Date: Thu, 26 Jan 2006 02:17:42 +0300
Sure nothing is wrong with pretty GUI. Obscure configuration and implicit rules
making it hard to understand exactly what firewall does in this and that case
is bad. GUI should be simple and straightforward, not just pretty.
If it is pretty, given it is designed the right way, it is even better ;-)
On Wed, Jan 25, 2006 at 06:03:41PM -0500, Anton Chuvakin wrote:
Though i think people who buy Checkpoint stuff are somehow non-representative
(i think if one tried that with, say, Cyberguard, we'd see completely
different picture) the results are still scary. Damn scary. That means 80%
firewalls could be thrown off with no further harm to security.
I've been meaning to stay away from this fun, but [by far] too bigoted
discussion, but this spiked my curiosity. What't wrong with Checkpoint
[in this context]? I have a sneaking suspicion that its the pretty
GUI. Am I correct?
However, I suspect that a "pretty GUI" is a reasons the results for
Cybergard (or, iptables, for that matter) will be way more horrendous.
A well-designed and intuitive rule UI will likely work to reduce the
errors made by the admins thus, indirectly, incresing security and the
value of a firewall.
On a related note, I was shocked when I've heard that some org was
choosing an anti-virus (from all things!) based on its management UI
intuitiveness, but it does make sense on some level: bad UI -> admins
hate the product -> its not used / not configured right -> security
Thus, "pretty UI" = "higher security" :-)
Fight on! :-)
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA http://www.chuvakin.org
firewall-wizards mailing list
firewall-wizards () honor icsalabs com