I'd just like to add a comment that I, for one, am impressed by the quality
of debate, the tenor and the professional nature of this thread.  Kudos to
all!

Kind Regards,

Sean

----------
Sean Semone
Management Information Specialist
Institutional Research and Planning
University of Georgia
[EMAIL PROTECTED]
----------

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Paul D. Robertson
Sent: Tuesday, January 12, 1999 11:05 AM
To: Andy Condliffe
Cc: [EMAIL PROTECTED]
Subject: Re: OS Platform for firewall (...the answer is..)


On Tue, 12 Jan 1999, Andy Condliffe wrote:

> I agree with a lot of what you say, but the original question
> was which OS, UNIX or NT?  As the word "knowing" seems to have

Right, I just think that a lot of people jump too quickly to the
answer based on what I think are the wrong questions.  A lot of people
want someone to tell them "use xyzzy", but rather than an easy answer of
"If you like frotz, use it instead", I think people need to think a great
deal more carefully about security solutions.  A great deal of the
rationale used by a number of people (and I'm not picking on you here,
this is a generalist statement) for choosing firewalls has not much at
all to do with firewalling.  All things, unfortunately, aren't equal, and
I prefer to raise the issues that traditionally have held value.  "Eggs
and baskets" is one such issue.


> touched a raw nerve, perhaps "understanding" would have been a
> better choice, or will that just make things worse :-(

Well, as I tried to point out, that's another argument entirely, but
while I understood what you were getting at, I just think it bears
pointing out that a lot of people have no clue how an OS operates at the
network level, and those are generally the same folks who want to be told
what OS to use.

>
> I also use PIX and Cisco 16xx with the firewall feature set, all
> of which have had their problems.  I haven't come across any vendor
> who has particularly inspired confidence.

We can definitely agree on that point.  All firewalls suck, they just all
suck in different ways.

> The ideal solution, as you seem to suggest,  is multiple devices
> of different architectures, whether it be router + host, or host
> + different host with different FW s/w.

Definitely, I just wanted to point out that since host security is your
last line of defense (and we as an industry need to drive the "firewall"
thinking all the way down to the host) putting all the eggs in a single
basket, even a well-known one, may not be the best choice.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."

PSB#9280

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
