Firewall Wizards mailing list archives
RE: [Fwd: Re: Protecting a datacentre with a firewall] (fwd)
From: "Jermaine Howard" <jhoward () kumhotech com>
Date: Mon, 5 May 2003 11:23:41 -0400
-----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Cat
Okita
Sent: Sunday, May 04, 2003 7:51 PM To: firewall-wizards () honor icsalabs com Subject: Re: [Fwd: Re: [fw-wiz] Protecting a datacentre with a
firewall]
(fwd)
"mag" proclaimed on 04 May 2003 11:00:23 +0200I was telling the truth. We have found that no useable firewalls on the market, so we had to develop one.
I have to admit to a morbid curiousity about what you consider
"useable".
What specific criteria do you use to define "useable"?
You are succesful when you are able to withstand attacks, not when you are able to get the traffic through. Thank you, I know how the average firewall admin responds to problems which cannot be solved with his firewall. Opens everything. I have seen lots of setups in this kind.
Oddly enough I've always felt that there was a great deal of importance to be placed on being able to perform those tasks required to run the business. Claiming that it's unimportant to be able to pass traffic suggests that you're familiar with extremely simple or limited
environments.
So prepare for a big work. We are doing it for five years, and
have
at least another five years ahead. And we are not even
multinational.
"a big work"? Please tell me you're joking.I an NOT joking.
It does have shades of the "Big Dig", but I suspect language issues.
4 good people is enough for approx 80 _intranet_ firewalls. I
emphasized
intranet firewall, because they tend to be more complex than internet ones. I have yet to find an internet firewall with 12 interfaces. Of course you need good people, and good tools.
Could you provide more details about the environment that you are working in/targeting? Many of the statements you have made seem outrageous, and a better idea of what environment you are discussing may cause them to seem less so.
I generally do more reading in this list (with all the info and experience here who wouldn't) than writing. I agree with Cat on asking for you to provide a "little" detail about your environment/scenario you are basing your not "use-able" and 12 interfaces on. Not to say nor imply by any means that those aspects are ridiculous, just that knowing the general situation gives way to understanding if need be. There are other factors/variables with intranet_firewalls that are environment dependant which would give way to a more complex internet_firewall configuration. Without knowing at least some broad details, one isn't any more complex or useful than another. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: [Fwd: Re: Protecting a datacentre with a firewall] (fwd) Cat Okita (May 04)
- RE: [Fwd: Re: Protecting a datacentre with a firewall] (fwd) Jermaine Howard (May 05)