Why do you consider it a "Good Thing" (TM) that your manager can sit down and
modify your firewall? Is he fully aware of the impact his changes will have and
how they might affect the ability of your firewall to implement your security
policy? I know it reeks of "security by obscurity", but a firewall that is easy
to modify is also a firewall that is easy to modify incorrectly. If you have to
stop and think about what you are doing before you can do anything, you are less
apt to just do something to see what happens. My little experience with NT
shows that even an experienced person who is just messing around with the GUI
can jigger the wrong button and deny a whole LAN segment access to its server.
Please notice I specifically did not say that the NT box can't be used as a
firewall. It may very well be just what you need to implement your security
Delmer D. Harris
______________________________ Reply Separator _________________________________
Subject: Why would someone want an NT firewall?
Author: Adrian Knight <knight%Harding . com> at INTERNET-MAIL
Date: 12/5/96 8:46 AM
I've read for over a year about the Unix vs NT messages. For what it's
worth, here are the reasons why, after 6 months of research and training,
our site specifically chose an NT firewall instead of a Unix firewall.
(FYI, we're running Eagle NT by Raptor)
1) We only have 3 Unix computers on our campus. I manage one of them,
and after two years still know very little about it. Yes, if I spent
"enough time" on it I would probably be a Unix expert by now, but I don't
want to spend that much time, nor do I have the option of spending that
much time on it.
2) We don't want to hire a rocket scientist to manage our firewall. A
message earlier referred to firewalls being "necessarily technical."
That's bogus. I think it's possible that a lot of people making money off
of firewalls might want to keep them that way, but there are a lot of
average people out there who want to AND CAN handle managing a firewall
right along with the MANY other types of systems that are also included in
our job responsibilities. In this age of computers, it is no longer valid
to try to convince people that computers are just too complicated for the
average person. I'm not a Microsoft Groupie or anything, but the reason
their company is where they are today is that they realized that!
Because our firewall is on an NT platform and has a good GUI, I can be
gone for a couple of weeks and even my boss, a manager, can sit down and
make changes to the firewall comfortably. Several other people in the
computing department with the password could do the same if they had to.
After two years, nobody else could sit down to my Solaris box and do
anything except manage to shut things down.
3) At the time of my research a year ago, most mainstream firewalls ran
on minicomputer-class machines like Sun Sparc, HPUX, AIX. For an
educational site with good discounts, a platform like that ran around
$15,000. We put our firewall on a well-endowed NT PC for $5,000.
Hardware and software maintenance is also much cheaper.
There are many other reasons that I chose NT over Unix, but I'll leave it
Adrian Knight | Network Manager
Harding University | Internet: KNIGHT @
900 E. Center, Box 2264 | Phone: (501) 279-4440
Searcy, AR 72149-0001 |