psychout @
pacbell .
net wrote:
> So I can have my firewall in parallel with Microsoft's proxy and be
> assured that both are providing an equal level of security, right?
>
Wrong. There is no way that you can equate the levels of security
of two parallel systems developed by independent teams and be assured
of anything other than you have helped contribute to increasing Bill's
share of accumulated wealth.
Parallel systems of dissimilar architectures, operating systems, and
overall design criteria are only as strong as the weaker system and,
in the base case, are not additive in security. In addition, you end up
with dissimilar administrative paradigms, which adds to confusion (I
know that the Microsoft bigots here will say, 'well, just make it all
microsoft, and everything will be ok...', but that is not the answer in
the Real World, where shops are not homogenous entities marching in
lockstep.).
You gotta get back to your own corporate policy and divorce it from
specific product catalogues. The firewall implements your policy. It
has to reflect your reality and your perceived threat horizon.
They seem to be still shaking out their strategy. Which means that
there seems to be no cohesive plan (other than to have a me-to product
at this segment of the market). Like everything that has come from
Redmond since the days of mbasic, you should wait till rev 3.x for a
workable solution, but only migrate if and when you have examined your
own overall architecture and determined that any particular product
makes sense from that basis rather than the brnading on the box.
--
Bryan D. Boyle | EMAIL: bdboyle @
erenj .
com 908-730-3338
#include <disclaimer> | http://www.access.digex.net/~bdboyle/index.html
"They that can give up liberty to obtain a little temporary safety
deserve neither liberty nor safety." - Benjamin Franklin,
Historical Review of Pennsylvania
References:
|
|
