Here is a good blurb about firewalls.
> Les asked:
> > Hi folks,
> > I've recently had customers coming up more and more with the "Secured
> > operating system" question. That is ... what is the benefit of having a
> > specially secured operating system on a machine which no one is going to
> > be logging in to?
> That's progress. Knowledge is improving to the point where customers are
> able to ask more searching questions of a vendor, rather than accepting
> that 'firewalls are a real specific product, so let's buy the cheapest'.
i'd be very happy if people would think about how to protect their net and
ask the vendors specific questions.
but most people don't.
they are quite happy to hear "our firewall is tested and certified" so they
can trust it without understanding it.
before i built the firewall for my company, i read a lot and i had to
learn a lot. now i'm far away from knowing all about firewalls, but
one thing i learned: it's impossible to test or classify it sufficiently.
1. no firewall is like another. its configuration depends entirely
on what it has to protect.
2. what is important is not the firewall itself, but what it has to protect.
let's imagine a site owns the absolutely perfect firewall, break-ins
are impossible. but the main reason for this site to connect to the
internet is to exchange secret data with another site(s) and the
firewall only supports a poor encryption. the firewall is worthless.
etc...there are surely thousands of other reasons.
i'm really scared about the importance some people see in certifications.
firewalls have less in common with the classic UNIX security.
maybe a certification doesn't hurt (BTW, it *can* hurt in a psychological
way, if it makes you feel invulnerable), but this would be the last thing
for me to care about. other things are important.
important is that a site knows what to protect, how to protect it and what
the threats are.
the staff has to understand what a firewall can do and what not.
furthermore, it is important to stay up to date. to read this list,
for example, and to be prepared for new risks.
without this, any firewall is, hmmm not worthless at all (better than
nothing), but at least insufficient. OTOH, a well configured firewall on
a *non* B1 system is a good and sufficient protection.
Rolf Weber <weber @
com> | All I ask is a chance
IEZ AG D-64625 Bensheim | to prove that money
++49-6251-1309-113 | can't make me happy.
Questar - WebQuest Support
com, ccallen @
206.487.2627 ext 209