Firewall Wizards mailing list archives

Re: Firewall administration.


From: Rick Smith <rsmith () visi com>
Date: Fri, 3 Oct 1997 11:21:28 -0600

I don't think the problem is so much one of GUI versus non-GUI; I think it
runs deeper. People will follow the minimum number of instructions to get
things going, but once they're done they want to feel confident that
they've done the job completely and correctly.

This "feeling" is an important part of security. Customers aren't
completely satisfied without it.

Unfortunately, a cleverly designed GUI will give you that feeling of
confidence without actually implementing all the protections you might have
wanted or intended.

So, in my opinion, the basic technical security problem is one of cognitive
modeling. A good administrative interface gives the installer a clear
representation of the protection *objectives* he wants to achieve and helps
him set up the firewall in terms of those objectives. Only techno-geeks
care about ports and packet state bits. The administrators care about
controlling traffic direction and type of service, or perhaps even higher
level things. So a good interface lets the administrators set up the
firewall in terms of interesting goals.

You don't need a GUI to do this. However, a GUI can present the installer
with a controlled set of options to choose, and in so doing, will convince
the installer that all appropriate steps have been taken. A command line
interface requires the installer to choose commands individually from a
potentially huge set. How is the installer going to know that he has
executed every command he should have? This gets back to confidence. The
installer is going to need a certain amount of knowledge and training in
order to report to his boss that everything is set up correctly, unless the
administrative interface gives him confidence that this is true. And
security training is more often desired than acquired.

Rick.
smith () securecomputing com                         rsmith () visi com
"Internet Cryptography" in bookstores http://www.visi.com/crypto/



