Re: Firewall comparison

[dreamwvr <dreamwvr () dreamwvr com>]

hi,
  or the fws that are used when the others fail to meet expectations...
the stats of popularity are slanted to the most commercialized which 
does not necessarily mean the best. i noticed that ibm's firewall since
it was new tended to depend on obscurity and claims that could not be 
deputed unless of course you knew what C2 meant;-) it would be interesting
to see by numbers of intrusions by firewall brand but realistically this is
not going to be released anytime soon. Also it could be argued as everything 
can that that only indicated that the fwadmins did not know how to use the
tool effectively. but still it would be interesting:-)
                                                Regards,
                                                dreamwvr () dreamwvr com
At 10:53 AM 3/4/99 +1100, Christopher Nicholls wrote:
> At 06:35 PM 02/03/99 -0500, Matt Curtin wrote:
> <SNIP>
>
> > Matt Lotz <MLotz () eaglesoft net> writes:
> >
> > > most firewall companies are more than willing to compare their
> > > firewall to others.
> >
> > ...in irrelevant ways and with nonsense data meant to play off of the
> > inexperience of the audience.
> >
> > I mean, really, how else could everyone's firewall be "the best"?
> >
> > How much can you really learn useful things about a commercial
> > firewall like implementing relays in kernels vs. applications,
> > pre-forking relays vs. firing them up on demand, the pros and cons of
> > stateful packet filtering, resistance to various classes of attacks,
> > the ability to cycle through a socket's states, open source code
> > vs. proprietary design, etc.?
>
> <SNIP>
>
> I heartily agree - and I am essentially a salesperson (though hopefully not
> a "salesdroid"). I'll take this further. I cannot understand for the life
> of me why such utterly meaningless "head-to-head" cracker-fests are carried
> out at reasonably significant IT security conferences around the world,
> with the claimed purpose of establishing the "Best Firewall"... If
> anything, it points to the extreme lack of knowledge by the perpetrators of
> such nonsense, concerning security technology and firewalls...
>
> These days, there seems to be a goodly dose of smoke and mirrors and
> quackery - more akin to the days of travelling medicine shows.
>
> Such bald statements by technopseuds like"I can crack any firewall except
> X-Brand" drive me up the proverbial wall... unfortunately, the naive fall
> for it all the time. EVERY firewall can be "broken" if it is misconfigured
> or enough time and energy is dedicated to it. That's why we have Intrusion
> Detection software, and other devices, to assist us in restricting access
> to our information.
>
> The only mechanisms for comparison when you have selected one of the major
> firewalls (other than broadly through ITSEC or Common Criteria
> Certificates), are price, whether the company that supports you is good
> enough, and who configures, installs and maintains the gateway. When it
> comes down to it, good support is vital.
>
> Regards
>
> Chris Nicholls
Reuters, London, February 29, 1998: 
Scientists have announced discovering a meteorite which will strike the 
earth in March, 2028.  Millions of UNIX coders expressed relief for being 
spared the UNIX epoch "crisis" of 2038.
_______________________________________________________________________

DREAMWVR.COM - TOTAL WEB INTEGRATION, DEVELOPMENT, DESIGN SERVICES. 
Featuring Website Development and Web Strategies of a TOP Developer 
New Look and Feel... Coming to a Browser near you..:) 
<http://www.dreamwvr.com/services/MAX_SEC.html><-- Road Improvements
DREAMWVR.COM - The Console of Many... 24 X 7 Evolution Internet
<http://www.dreamwvr.com/dynamicduo.html> <mailto:dreamwvr () dreamwvr com>
"As Unique as the Company You Keep."        "===0 PGP Key Available  
________________________________________________________________________