At 04:59 PM 5/30/96 -0600, Chris Pugrud allegedly wrote:
Your points are well taken. A few caveats, if I may.
>The biggest complaint that I have about the Eagle NT product is that it is
>not an NT firewall. It doesn't use NT as anything more than a "boot
>loader".
I wouldn't quite go as far to say that it is a "boot loader". It does
load Windows NT & then disables services and features which are not
firewall related or have been deemed to be insecure.
>It is still not complete yet for NT, they cut back on features to
>rush it out the door.
Granted, however, the first release of any product is always missing
some features.
>It seems like a good product, but I won't cut a PO
>until it can take advantage of the NT user database, network login, etc...
Personally, I see this as an advantage rather than a disadvantage. I
wouldn't want to use any NT features which may be critical to the use
of the firewall for two main reasons:
1) You can't be sure that the software will be stable.
Micro$oft could accidently let a bug creep into their software
which could render the firewall insecure or inoperable - requiring
that the vendor "freeze" their version of Windows NT ("We will only
support NT version X.Y.") - leaving them in a strategically vulnerable
position.
Also, if the software is written internally, then you have full
control of the s/w development, you can provide better support,
and you can provide a quicker response to problems/bugs.
2) Security
Pretty much the same rasons as in #1. Further, it is never a
good idea to outsource Information Security. Relying on Micro$oft's
security mechanisms would place the vendor's product & reputation
at the mercy of Micro$oft's ability to write tight secure code.
>Chris
Best Regards,
Frank
Any sufficiently advanced bug is indistinguishable from a feature.
-- Rich Kulawiec
<standard disclaimer>
The opinions expressed above are of the author and may not
necessarily be representative of Fortified Networks Inc.
Fortified Networks Inc. - Information Security Consulting
http://www.fortified.com Phone: (317) 573-0800 FAX: (317) 573-0817
Home of the Free Internet Firewall Evaluation Checklist
|
|
