Firewall Wizards mailing list archives
Re: How automate firewall tests
From: StefanDorn () bankcib com
Date: Fri, 18 Aug 2006 09:03:26 -0500
The problem here is that while firewall X might have all sorts of bells and whistles, it also might be more vulnerable then firewall Y which has only basic features because there's more of a chance that a chunk of code has a flaw or loophole in it, allowing someone to compromise it. This is compounded by the fact that firewalls are (in most cases) configured by a human being, allowing even more opportunity for security breaches. You might get a good comparison of feature vs. feature or 'general security' as of a certain date, but it still wouldn't give you a very clear picture of just how secure one firewall is versus another. We really need some sort of tool or report that looks at how firewalls handle and analyze data, adherence to protocol standards, history of vulnerability (maybe across previous models by that manufacturer?), and how easy/likely it is for an end-user to misconfigure a device, leaving it wide open. Lots of small businesses, schools, etc have administrators that aren't always security or firewall experts, and just are trying to get things functional. So, shouldn't this factor be a part of what a firewall needs to address to keep its network(s) secured? I know the list could go on forever, but those are some bits of information that I wish were more accessible to people when they're looking at making a new firewall purchase. Stefan Dorn firewall-wizards-bounces () listserv icsalabs com wrote on 08-17-2006 05:10:37 PM:
Marcus and Strabla, hope all is well! After considering Marcus's points, I wondered if perhaps getting a decent baseline standard between
the
various vendors might be a useful metric. By using the exact same applications, or traffic against the different commercially available firewalls the potential purchaser of such a device may be better
informed
when spending their money. As was stated by Marcus, measuring security is like trying to hold a drink of water in your hand. You might be able to do it, but someone
else is
always going to argue that you did not. I know that I am wowed when I read vendor A's appliance can do blah, blah blah, and vendor B's can do that and a whole lot more, but I have
never
seen a side by side comparison of the various devices one could choose
from.
Slick advertising gets me all the time. I realize this is getting off the automated topic, but something like this could help others make a better buying decision. Kind of like
a
Road and Track comparison of a Porsche roadster against a BMW against an American version (I can not think of any American made roadsters). Strabla, I may be close the same age as Marcus, but his experience is magnitudes beyond mine. He researches and designs the stuff; I just
hide
corporate assets behind them, or try to anyway. Best of luck with your research and hope that I may have provided some food for thought for the lurkers. Most sincerely, Richard Golodner Rockville, Maryland _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
PRIVACY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain business confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If this e-mail was not intended for you, please notify the sender by reply e-mail that you received this in error. Destroy all copies of the original message and attachments. _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: How automate firewall tests, (continued)
- Re: How automate firewall tests Chris Byrd (Aug 21)
- Message not available
- Re: How automate firewall tests Marcus J. Ranum (Aug 22)
- Re: How automate firewall tests Keith A. Glass (Aug 20)
- Re: How automate firewall tests R. DuFresne (Aug 23)
- Re: How automate firewall tests Jim Seymour (Aug 23)
- Re: How automate firewall tests haim [howard] roman (Aug 23)
- Re: How automate firewall tests sai (Aug 20)
- Re: How automate firewall tests Dave Piscitello (Aug 30)
- Re: How automate firewall tests Marcus J. Ranum (Aug 20)
- Re: How automate firewall tests StefanDorn (Aug 20)
- Re: How automate firewall tests Patrick M. Hausen (Aug 21)
- Re: How automate firewall tests Paul D. Robertson (Aug 21)
- Re: How automate firewall tests Patrick M. Hausen (Aug 21)
- Re: How automate firewall tests Paul D. Robertson (Aug 21)
- Re: How automate firewall tests Patrick M. Hausen (Aug 21)
- Re: How automate firewall tests Paul D. Robertson (Aug 21)