Re: Novell BorderManager

Tue, 7 Sep 1999 14:04:36 -0700 

On Mon, 6 Sep 1999, Fred Martin poured forth salesdroidlike thusly:

> Novell BorderManager is a lot more than a firewall. BorderManager 

                          A lot?

> provides centrally managed integrated security services into NDS enabled
> sites. BorderManager is a caching service (reverse and forward http

A lot of firewall solutions offer caching.  The debate is still pretty
ripe on if that's the best place to do it.  Hell, AFAIK Apache in proxy
mode can cache and it's free.

> proxy), an ICSA certified firewall that provides packet filtering,

A lot of firewalls are ICSA certified.  Opinions on the value of that
certification vary widely.

> multiple proxies (FTP, HTTP, NNTP, Telnet, RTSP, DNS, SMTP, POP3),

Almost every proxy-based firewall offers multiple proxies.  Certainly
every commercial one does.  Is Novell doing anything special to stop
tunneling over all these holes, or is it just another "A lot
more than just a firewall?"

> combined with integrated IPSec compliant VPN services (site to site and

Almost all commercial firewalls offer VPNs

> client to site), strong authentication services (native support of
> ActivCard tokens) and RADIUS-based interoperability with most token
> vendor solutions out there.

Almost all commercial firewalls offer strong authentication, RADIUS, etc.

I don't see "A lot more than a firewall" outside of the extreme ammount of
marketing buzword drivel.  Please spare us all the commercial- last I
looked it was out-of-charter.  

Hey- wait- it has NDS -- MS Proxy, to which it's been compared has NT
Domains - maybe they're both "A lot more than just a firewall?"  At least
MS hasn't had anyone type in the sales brochure and post it to the list.  

Of course, I think that even when they get to the "A lot more than just a
firewall" stage, my firewalls should just be firewalls.

Don't forget, central management makes a single-point-of-compromise into a
"game over" solution.  Poor security engineering design IMNSHO.  



Paul 
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."
                                                                     PSB#9280

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to