Your message dated: Wed, 07 Aug 1996 12:32:49 EDT
> >Most Unix systems are unfortunately insecure out of the box.
> >We should expect all good firewalls to be highly secure out of the box.
>
> I agree 100%. The true test of a firewall package is to see what it does when
> you DON'T follow the vendor recommended procedures. How does it handle stupid
> user tricks? What state does it leave your network when something like that
> happens? There's a gap between the people who really read the instructions and
> those who just scan the instructions. Unfortunately, I believe the scanners
> outnumber the readers...:-).
I'll agree, sort of: software that's hard to configure incorrectly is
better than software that's easy to configure incorrectly.
But puh-lease, we're talking about an $18,000 piece of software that touches
every packet in or out of a network! I think it's fair to require an
installer to read the manual, and even---shudder---to require that they
follow its (apparently loud) instructions if they want the software to
work.
Again: foolproof indeed GOOD; installing extravagant expensive network
bottleneck without reading its instructions BAD. (And, not completely
foolproof combined with "I know how this thing works"-type-testers who
don't read the manual because they're on a deadline UNFORTUNATE.)