Michael,
......... Michael Dillon is rumored to have said:
] On Sat, 18 May 1996, Alan Hannan wrote:
]
] > ] All firewall products give the administrator tools to enforce security
] > ] policy.
] >
] > That's not entirely accurate. A cisco router is a 'firewall product'.
] > It does not give an administrator the ability to enforce authentication,
] > or content analysis.
]
] A Cisco router rovides packet filtering capabilities. If your security
] policy includes filtering packets then a Cisco router *DOES* give you the
] tools to enforce that component of your security policy. It seems silly to
] say that a Cisco router doesn't do what it doesn't do because we all
] *KNOW* that it doesn't do that.
I did not imply that it could not enforce packet filtering. Your
blanket statement about 'all firewall products give the
administrator toools to enforce security policy' implied every
lef me to believe you mean that any particular firewall product can
do everything for a person. This is not what you meant, I see,
and I apologize for my misunderstanding.
] > I don't mean to imply any vague statements, I'd be happy to
] > address any specific concerns you might have.
]
] My main concern is that this list is for discussions and information
] sharing about firewalls by users/administrators, designers, security
] consultants etc., but not for the kind of marketing fluff that you get in
] magazine ads and from talking to the "sales" department.
Good heavens, did you buy a new pillow or something? You seem
awfully grouchy! I don't feel that I've a vey high fluff-content
at all!
] > I'm not too great at this marketing thing, and my earlier comment
] > was meant to direct you at our marketing materials. I'm a
] > network/security engineer by trade, believe me I'd much prefer to
] > talk to you in those terms ;-).
]
] If your company won't let you talk candidly without censure, then get off
] the list! Above all, stop trying to be a marketing droid. Most of us can
] get deluged with all the marketing materials we want by making a phone
] call; the last thing we need is an amateur salesman pushing his company's
] product on the list.
I have full and unlimited freedom to say anything I want about our
product. I'm not an 'amateur salesman', I'm a netsec engineer.
I'm damn proud of the product we've done, people inquired about it
publically, I responded, and you chose to be a prig. Look back on
your archives, my friend. I've been a contributor to this list
for the past two years.
] > I'm not sure it's fair to say "Make sure that your needs analysis
] > is based upon the security factors and not technical things like
] > which OS does it use...". Imagine if I told you to go read a book
] > on Firewall Security. And the best book was only available in
] > Russian! But you can't speak Russian! The book doesn't do you a
] > whole lot of good.
]
] If the firewall that best meets your needs runs on OS/2 and requires a
] token ring connection, then it is a simple thing to buy OS/2, buy a
] token-ring to Ethernet gateway, and use the product. Learning Russian is
] several orders of magnitude more difficult than hooking some computer
] equipment together in today's networking world.
Not really, for most folks. Think about your common LAN
administrator. I know of several who would rather learn Russian
than learn Unix.
Regardless, I respect you and your thoughts. I don't feel that
I'm full of marketing fluff, I've tried to get the message across
that "We have a security solution that runs on NT, and I think it
is the best solution for most folks". I define most folks by
meaning business attaching or attached to the Internet. I have
provided subjective opinions, and I'd be happy to provide tangible
data in addition to that listed on our web page if you'd like.
Perhaps a simple "Does your firewall allow shttp" type question
would be more conducive to this discussion, instead of this
beat-up the new vendor schpiel.
-alan
Follow-Ups:
References:
|
|
