Thus spake Sunny Azah:
> The whole point of commercial firewalls should be to make a reasonable
> level of security as inexpensive and simple as possible.
Perhaps.
I suspect that most vendors see the point of commercial firewalls as a
way to generate revenue, and that far too many buyers see the point of
commercial firewalls as due diligence.
> The firewall should be a "security expert in a box."
I don't think that's really feasible.
A `security expert' (often known as a `Firewall Consultant(tm)') asks
questions, pokes around, makes assumptions based on context and then
recommends a course of action. Notice that a security expert does
not, typically, hold two pieces of ethernet and regulate traffic.
A firewall is far more analogous to a wrench than a mechanic.
> The rest of the market needs something secure, reliable,
> and easy to use.
So, you want something complex enough to handle the intricacies of
just about every network (and security policy, and `threat
environment'), but which is simple enough that Aunt Thelma can just
plug it in and have it go.
Dessert topping _or_ floor wax, I fear. At least until those wacky AI
boys catch up.
Mike
(don't mind me...another day, another `firewall protecting idiots from
themselves' nightmare)
--
#> Mike Shaver (shaver @
ingenia .
com) Ingenia Communications Corporation
#> Chief System Architect -- Head geek -- System exorcist
#>
#> "Have you considered a life? I hear they're quite affordable
#> these days." --- shields @
tembel .
org
References:
|
|
