> From: Adrian Knight <knight @
> Subject: Why would someone want an NT firewall?
> 2) We don't want to hire a rocket scientist to manage our firewall. A
> message earlier referred to firewalls being "necessarily technical."
> That's bogus. I think it's possible that a lot of people making money off
> of firewalls might want to keep them that way, but there are a lot of
> average people out there who want to AND CAN handle managing a firewall
> right along with the MANY other types of systems that are also included in
> our job responsibilities. In this age of computers, it is no longer valid
> to try to convince people that computers are just too complicated for the
> average person. I'm not a Microsoft Groupie or anything, but the reason
> their company is where they are today is that they realized that!
I believe that the industry's efforts to make computers appear that anyone
can operate them has resulted in our present support and security
nightmare. Computers are not toasters no matter how many GUIs you
lay on top of them. I don't believe it possible to put enough artificial
intelligence on a mass-produced, end user administered machine to make
it either secure or easily supported in today's environment where the
latest applications are downloaded from the Internet at the user's
discretion, multivendor hardware and software components are constantly
mixed, matched, and updated, and ten or more layers of drivers, protocols,
clients, and applications "coexist" each with their own idiosyncrasies, bugs,
Windows and particularly Macintosh machines are absolutely wonderful
at making a user friendly DESKTOP environment. But today's PC is no
longer a "personal computer". It is a portal into a much larger
networked information system. That larger system is getting more
complex, layered, and interactive day by day. The security ramifications
of that architecture are not easily reduced to a point and click
paradigm nor is that type of interface easily kept current with
new applications and problems.
> Because our firewall is on an NT platform and has a good GUI, I can be
> gone for a couple of weeks and even my boss, a manager, can sit down and
> make changes to the firewall comfortably. Several other people in the
> computing department with the password could do the same if they had to.
> After two years, nobody else could sit down to my Solaris box and do
> anything except manage to shut things down.
Windows promised point and click computing. Yet people are still dealing
with INI files, registry editors, and multiple driver and DLL updates.
It may be that the product was designed to be point and click but in
actual practice it rarely happens that way. Also, the GUI can often
cover up an oversimplification of a complex technical issue. When this
happens on a device protecting an entire network...
My $0.02 worth.
James Madison University