On Sat, 22 Jan 2000, rym wrote:
> hello this question is some kind a newbie but here it is, if you were to
> choose a firewall software that runs on Solaris SPARC what would it be?
> is this software easy to administer and install ?
Most of the major firewall packages, as well as a significant chunk of
freeware code run under Solaris on Sparc hardware. Anyone recommending a
single package without knowning anything about your topology, security
policy, operational needs and a host of other things is either a reseller
with a vested interest or someone with a complex that requires them to try
to foist their choices on others to validate their choices. I wouldn't
put much stock in either type of person, but maybe that's just me.
Think of it as car buying - some people will tell you that a Ferrari is
the best vehicle, but that's not true if you need to get six adults to
town each day. Others will try to tell you how reliable their Volvos are,
but that won't do you any good if you need to go off-road. You may be
happier with a motorcycle, but you're the only one who knows enough about
the situation to be able to tell. That's going to take research on your
part and that starts with requirements and moves through comparison
shopping.
Firewalling is necessarily technical, a firewall's protection model is
based almost completely on what it blocks, so if you don't understand
what you're blocking and why, ease of installation will simply negate the
value of your firewall. If you don't understand what ActiveX is, you
can't make a determination of if you should block it, let alone ask what
it takes to do such blocking on a particular product.
Personally, I'd look at the requirements before I chose a platform to
implement on, since adding things like additional hardware for failover
will impact the costs, providing hot or cold sparing for what promises to
become a critical piece of infrastructure may negate certail choices
depending on support contracts from vendors, availability of other
platforms should a vendor go out of business, etc. (Please note that the
Sparc platform is well-served by multiple chip makers, and multiple
hardware vendors, but you need to look at your local site to figure out if
those alternatives are good ones.)
Also, easy for you may not be easy for me, and your definition of easy
may change over time. Just last night, somone posted to this list on the
difficulties of automating changes to a firewall with a GUI (A feature
that most consider ease-of-use critical.) Since I like building my own
firewalls, I can see why that would be important as an ease of use fact to
him, but I can also see instances where the GUI would be more important to
others.
Finally, in the quest of ease-of-use, it's important not to lose sight of
the fact that firewalls are supposed to provide security. If they don't
do that, ease-of-use won't be really important when the walls come
tumbling down.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
