I'll write something up in the next couple of days, but for now I have a
couple of questions.
>
> I've looked into FW-1 (without actually running the software) and got
> the following picture:
>
> Strength:
>
> 1) Everyone I have talked to gives a thumbs up on the product's GUI. Based
> on my experience, Security Administrators see a good user interface as just
> as important as any other part of the product.
>
> 2) It is flexible. Its programmable filter module supposedly can be used to
> adapt to many application protocols (ftp, HTTP, WAIS etc.) including site
> specific ones.
>
> Weaknesses:
>
> 1) It is not capable of doing User Authentication, which severely limits
> the access control module. Current rules are created based on service
> and host address, which may not have the granularity many of us need.
Good point.
>
> 2) Because the product is based on "packet-filtering", it inherits the
> limitation of the technology, although I believe CheckPoint did a good job
> of attempting to break the barrier.
This is vague. What holes exist that don't exist with protocol or application
proxies?
>
> Does the above evaluation agree with what you have?
I'll get it out. Some of it agrees with what I have.
Patrick
_______________________________________________________________________
/ These opinions are mine, and not Amdahl's (except by coincidence;). \
| (\ |
| Patrick J. Horgan Amdahl Corporation \\ Have |
| patrick @ amdahl . com 1250 East Arques Avenue \\ _ Sword |
| Phone : (408)992-2779 P.O. Box 3470 M/S 316 \\/ Will |
| FAX : (408)773-0833 Sunnyvale, CA 94088-3470 _/\\ Travel |
\___________________________O16-2294________________________\)__________/