Great Circle Associates Firewalls
(June 1996)
 


Subject: Re: NCSA Certification
From: Chris Kostick <ckostick @ ashton . csc . com>
Date: Sun, 30 Jun 1996 22:48:59 -2800 (EDT)
To: rjj @ medialab . com (Richard Johnson)
Cc: firewalls @ greatcircle . com
In-reply-to: <v02140b00adfbdc56de3e @ [204 . 144 . 184 . 50]> from "Richard Johnson" at Jun 30, 96 02:20:44 pm

> 
> >> Incorrect.  Only those vendors who were members knew.  First, you had to
> >>join.
> >
> >Eligibility was open to everyone. Everyone knew the goal of the
> 
> You keep harping on that word: "everyone".  Perhaps it does not mean
> what you think it means?

It means exactly this. Every firewall vendor was made aware of what NCSA
was doing. At the time they (NCSA) started this there were approximately 40
vendors in the field.  Everyone knew. As the field grew I can't say
whether or not they were notified personally from NCSA with an invitation
to join. I highly doubt it. However, if a new vendor was totally unaware 
of the activity then maybe they have more problems than putting out a
firewall product. But, I sincerely doubt any vendor was unaware.

> 
> >If you find no value in it, then ignore it.
> 
> Too bad the false air of legitimacy engendered by the NCSA name and the
> idea of "certification" will cause my less technically astute bosses and
> clients to worry, and to pronounce brain-dead requirements.  Now I'm going

oooh, if your bosses could hear you type.

> to have to waste many hours explaining exactly why the very idea of a
> static "test" for a firewall is a meaningless pursuit.  That's particularly
> true in this case, where the tests were run as a marketing ploy by a
> high-price wanna-be market oligarchy, under a false cloak of serving the
> public interest.

Well, I happen to think there is value in the testing. Every test that
is run a firewall should be able to deal with and repel, even if it
is in a static environment.

What you'll be spending your time doing and anyone else (should I use that
word?) that is listening is convincing your boss why your opinion is
so vastly superior to the rest of the community. The conversation 
may run such as

Boss: Is our firewall NCSA certified?

guru: No, but it doesn't need to be. The testing they do is meaningless
      in the context of real security. By that I mean configuring the
      firewall and having it perform in an active environment.

Boss: But could it pass certification?

guru: I suppose so. Yeah, it could.

Boss: How do you know?

guru: Because I've been working with it for X years, and I know the product.

Boss: But have you run the certification tests?

guru: Well, maybe not all of them one for one, but I know exactly how it
      would react!

This is where the boss pauses and gives one of his/her famous management 
stares of 'now, let's rethink your position.'

It would be easier if the conversation went more like.

Boss: Is our firewall NCSA certified?

guru: yes.

Boss: okay, that's all.

Maybe I'm out of line here, but it was fun writing it. :)
--
Chris
