Great Circle Associates Firewalls
(October 1996)
 


Subject: Re: Checkpoint's LIE (was Re: ha firewalls)
From: Michael Dillon <michael @ memra . com>
Organization: Memra Software Inc. - Internet consulting
Date: Thu, 10 Oct 1996 15:48:12 -0700 (PDT)
To: west @ tmoon . com
Cc: firewalls-digest @ GreatCircle . COM
In-reply-to: <199610101844 . LAA04173 @ miles . greatcircle . com>

On 10 Oct 1996 west @ tmoon . com wrote:

> I'm dumping my Firewall-1.  Any company that can blatantly lie about
> providing some security mechanism (stateful packet filtering - patent
> pending no less) and actually not provide it is not a company who I want
> to depend on to secure my network.

> Lastly, a financial institution here in my parts has also dumped
> Firewall-1.  Seems that a consultant hired to disassemble the binary
> found some suspicious code and upon further investigation believes that
> it is a backdoor for specially formatted packets!
> 
> Can anyone recommend a "good" firewall?

Yes. Source code.
Just ask all vendors you are considering whether or not they supply source
code. If they don't then they are a pack of liars, thieves, CIA double
agents, evil hackers and vile disgusting dregs of humanity.

TIS Gauntlet supplies source code
http://www.tis.com/docs/products/gauntlet/index.html

The TIS firewalls toolkit is also freely usable source code as long as you
don't set it up for somebody else without contacting TIS about licensing.

For a firewalls company, what are the cons against distributing source
code? Well, the first one is that there are no secrets. Do you want to
trust a security company that has secrets? Secrets can hide weaknesses,
you know.

Well, another con is that some other company could steal the code and sell
it as their own firewall software. Assuming this evil thief does not
supply source code, how would you ever know anyway? But if everybody
distributed source code then anyone who steals someone else's code is
unable to hide the fact. Therefore if they don't supply source they are a
pack of liars, thieves, CIA double agents, evil hackers and vile
disgusting dregs of humanity. 

Hmmm... but the competition could steal the ideas and implement it in
their own source! That's right, they could. Is this bad? If you know of a
better way to secure systems are you going to keep this secret from
everybody else so that their systems are not secure? This is a cynical
vile and evil attack on those other people who think they are secure but
really are not.

Trust begins with openness. Trust begins with no secrets. If a company is
not open and above board with you, don't give them your money.

Note that I know nothing about Checkpoint and Firewall-1 and therefore
have no opinion on the company or its products except that if they don't
supply source code then they are a pack of liars, thieves, CIA double
agents, evil hackers and vile disgusting dregs of humanity.

Michael Dillon                   -               ISP & Internet Consulting
Memra Software Inc.              -                  Fax: +1-604-546-3049
http://www.memra.com             -               E-mail: michael @ memra . com


