I've been watching this thread for a while and have a different point to
bring up.
Any firewall is only as good as the person who configured it. As an
example, I know quite a bit about NT (IMHO) and a little bit about UNIX. I
can certianly install and configure a firewall on an NT system and I can
probably install a firewall on a UNIX system, but I am 100% confident that
the NT system will be more secure, stable, etc. because I know exactly what
to do to secure NT and exactly where and how to do it. I would even go so
far as to take my NT firewall up against 90% of the UNIX firewalls out there
in production.
If a company has a lot of NT expertise and no UNIX expertise it is totally a
better fit for them to deploy an NT based firewall, the system will have a
hope in hell of being properly maintained and confogured than if you have NT
guys trying to "figure out" the UNIX system as they go. This is one of the
legitimate advantages to standardizing on NT, that you don't have to hire
(or contract) out three or more entirely different skill sets.
Robert Aitchison
Director of Servers & Services
Data Systems West
[EMAIL PROTECTED]
> -----Original Message-----
> From: Jeff Burson [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, June 02, 1999 1:10 PM
> To: Paul D. Robertson
> Cc: Brian Steele; [EMAIL PROTECTED]
> Subject: RE: Why not NT?
>
>
> Hello,
>
> >
> > > What's so funny about this whole thread is these guys ranting and
> raving
> > > about NT being not suitable for Firewall work, but many companies are
> > > happily, and successfully, employing NT Firewalls anyway.
> >
> > So, rather than disputing the technical points "it's popular so it must
> > be good" is your argument? Maybe people are happily living in trailer
> > parks, that doesn't make them the ideal structure to reside in during
> > tornado season.
>
>
> Unfortunately, I've seen this type of argument be fairly persuasive
> with upper management. On more than one occasion, I've had to
> rigorously defend my intentions of deploying a firewall on a
> UNIX platform against a management directive to deploy all
> things NT. I don't mind doing it, because I've seen how a firewall's
> effectiveness, stability, and robustness can degrade on NT when
> compared to a UNIX solution.
>
> However, we have to be careful as security professionals to be
> sure that we're not making religious arguments.
>
> It IS a fact that many companies are deploying firewalls on NT.
>
> Why?
>
> To say that every one of these deployments are being done by
> GUI-loving idiots or ignorant savages who don't know REAL
> security is probably stretching credibility.
>
> The reasons are probably more complex than that and are probably
> worth being aware of ...
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
