Firewall Wizards mailing list archives
Re: Time for a new FWTK?
From: Mike Shaver <shaver () netscape com>
Date: Sat, 29 Nov 1997 15:13:27 -0800
Bennett Todd wrote:
For several years thereafter it required a multi-discipline expert, strong in security programming, networking, OS configuration, and so on to set up a firewall. Then Cheswick&Bellovin came out, then Chapman&Zwicky, then various nicely-packaged portable easy-to-use tools, then the LDP Firewall HOWTO, and all of a sudden any random shmoo can make a state-of-the-art firewall out of some used bubble-gum and a couple of asphault shingles, using only tools found around the home. The magic and mystery has gone out of it.
Hmmm. I don't think there's all that much of a sea change, although firewall vendors would certainly have you believe that there have been great technological leaps forward! It's pretty much always been the case that anyone with decent C skills and a basic knowledge of their network could put together a rudimentary firewall. (I suspect the amount of effort involved in installing fwtk 3 years ago is about equivalent to the amount of effort required for buzzword decoding and vendor selection today.) The problem was (and remains) developing policy and a keen eye for discerning subtle differences between policy and enforcement. I'm not sure how we got along in the early days...perhaps we got lucky, because the people clued-in enough to care about firewalling were also clued-in enough to make those distinctions? I don't know that NFR (right now) saves us from having to develop policy -- although having a snapshot of current usage could certainly help -- but it could easily provide a handy policy/implementation matching tool. Mike
Current thread:
- RE: Time for a new FWTK?, (continued)
- RE: Time for a new FWTK? Craig Brozefsky (Nov 27)
- Re: Time for a new FWTK? Bennett Todd (Nov 28)
- Re: Time for a new FWTK? Craig Brozefsky (Nov 28)
- Re: Time for a new FWTK? Marcus J. Ranum (Nov 28)
- New firewall paradigms, anyone ? Darren Reed (Nov 28)
- Re: New firewall paradigms, anyone ? Marcus J. Ranum (Nov 28)
- RE: Time for a new FWTK? Craig Brozefsky (Nov 27)
- RE: Time for a new FWTK? Bret Watson (Nov 28)
- RE: Time for a new FWTK? Marcus J. Ranum (Nov 28)
- Re: Time for a new FWTK? Mike Shaver (Nov 29)