> (new heading reflective of a slight subject modification).
> I has become apparent to me from private and public comments that some,
> many, most, or all of the firewall vendors that post here do not do
> stress tests on their firewalls - because none of them seem to know
> the limits of their performance.
> It is my opinion that anyone claiming to have a good security product
> that hasn't stressed it till it breaks, is ignoring a great body of
> historical data that indicates this is where attackers will take
> advantage, and thus has a poor quality assurance program and probably a
> poor product under real-world attack conditions.
there's a difference between the ability to deal with high bandwidth and
security. a packet that's dropped because the interface is too busy
is the same as a packet that's dropped because of a filter- it's
dropped in either case. if you know differently please share
your information with the list, as i'm sure that the rest of us will
find the information important.
> Having now offended all firewall vendors by talking about their
> emporor's lack of clothing, I await the mass of abuse e-mail proclaiming
> how my perspective is foolish. I hope that at least one of them will
> tell us that they have tested to the failure point, what that point is,
> how it fails, how it is failsafed, and how their testing program has
> demonstrated that their failsafe works properly.
> <semi-humorous, slightly abusive, painfully advertisy and honest statement ON>
> P.S. Management Analytics is available to help the rest of you build
> the QCQA program you probably should have.
an observation: posting criticism of other vendor's products while
providing no numbers or details, then offering your services is not a
good way to convince your readers of the validity of your opinion.
eric murray ericm @