On Mon, 29 Aug 1994, Marcus J Ranum wrote:
> >I installed the PORTUS system on my network and and had it up and
> >running in FOUR HOURS with no headaches and the LSLI folks waiting
> >on the phone incase I had any problems --- which never popped up.
> >
> >It's the easiest install I've done in a long time.
>
> Sure, and you can drop a TIS Gauntlet on your network, turn
> it on, configure its addresses, and be up and running in no time.
>
> The guy you were responding to was referring to a "build your
> own" firewall, and you're talking about a product. If we all start
> posting about how easy our products are to install or use, then we'll
> just reduce to a shouting match "my product is better than yours"
> which is a complete waste of time (though it's probably more useful
> than the "hacker list" crud).
I agree about the hacker crud ... :)
What everyone seems to be overlooking about the installation is that
the security audit which ought to precede it takes time. There are a lot
of considerations to be made before removing a network from the Internet
and giving them connectivity through the firewall.
Users see something different. Applications will act differently. For
example, the telnet option called up through mosaic now must either be
socksified, must be modified to understand gateways, or it simply won't
work. What you are trying to protect, and from whom is a consideration.
The answers are all tradeoffs, and are not always clear.
Installing the actual firewall is the easy part of the project, IMHO,
whether rolling your own from the fwtk, or using a canned product.
----------------------------------------------------------------------------
It's *amazing* what one can accomplish when
one doesn't know what one can't do!
References:
|
|
