Firewall Wizards mailing list archives

RE: [Fwd: Re: Protecting a datacentre with a firewall] (fwd)


From: "Jermaine Howard" <jhoward () kumhotech com>
Date: Mon, 5 May 2003 11:23:41 -0400



-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Cat Okita
Sent: Sunday, May 04, 2003 7:51 PM
To: firewall-wizards () honor icsalabs com
Subject: Re: [Fwd: Re: [fw-wiz] Protecting a datacentre with a firewall] (fwd)


"mag" proclaimed on 04 May 2003 11:00:23 +0200
I was telling the truth. We have found that no useable firewalls
on the market, so we had to develop one.

I have to admit to a morbid curiosity about what you consider "useable".
What specific criteria do you use to define "useable"?

You are successful when you are able to withstand attacks, not when
you are able to get the traffic through. Thank you, I know how the
average firewall admin responds to problems which cannot be solved
with his firewall. Opens everything. I have seen lots of setups in
this kind.

Oddly enough I've always felt that there was a great deal of importance
to be placed on being able to perform those tasks required to run the
business. Claiming that it's unimportant to be able to pass traffic
suggests that you're familiar with extremely simple or limited
environments.

So prepare for a big work. We are doing it for five years, and have
at least another five years ahead. And we are not even multinational.
"a big work"?  Please tell me you're joking.
I am NOT joking.

It does have shades of the "Big Dig", but I suspect language issues.

4 good people is enough for approx 80 _intranet_ firewalls. I emphasized
intranet firewall, because they tend to be more complex than internet
ones. I have yet to find an internet firewall with 12 interfaces.
Of course you need good people, and good tools.

Could you provide more details about the environment that you are
working in/targeting? Many of the statements you have made seem
outrageous, and a better idea of what environment you are discussing
may cause them to seem less so.

I generally do more reading in this list (with all the info and
experience here who wouldn't) than writing. I agree with Cat on asking
for you to provide a "little" detail about your environment/scenario you
are basing your not "use-able" and 12 interfaces on. Not to say nor imply
by any means that those aspects are ridiculous, just that knowing the
general situation gives way to understanding if need be.

There are other factors/variables with intranet_firewalls that are
environment dependent which would give way to a more complex
internet_firewall configuration. Without knowing at least some broad
details, one isn't any more complex or useful than another.
