Mark,

Opinions vary as do experiences.  I did not have the same problems as
yourself the last time I installed Gauntlet on NT, but it's been a
little while and perhaps my environment was different.  I also know
several shops that run Gauntlet on NT without problems, other than that
it's pretty slow as I mentioned.

Again, this is why I said "you might want to consider gauntlet as a
potential".  In other words, he might want to get an eval copy and try
it out in his environment.  If it doesn't meet expectations, no harm no
foul.  He specifically asked for additional recommendations, and
gauntlet is a viable option for NT, though not the only one. 

Regards,
Kent


[EMAIL PROTECTED] wrote:
> 
> Gauntlet for NT as another firewall to try out.. Might as well suggest
> cutting the cable with a pair of wirecutters.
> 
> Actually, cutting the cable is probably easier than installing Gauntlet
> for NT!! The last time I installed Gauntlet for NT, the familiar Blue
> Screen of Death (BSOD) appeared multiple times. Hopefully it is fixed in
> Gauntlet 5.5..
> 
> /m
> 
> Kent Hundley <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 02/29/00 02:34 PM
> 
> 
>         To:     Jon Earle <[EMAIL PROTECTED]>, Firewalls <[EMAIL PROTECTED]>
>         cc:
>         Subject:        Re: Bug in Checkpoint FW-1 3.0 ?
> 
> Jon,
> 
> This is not an argument for or against FW-1 or any other firewall
> product, but just an observation.  You conclude that FW-1 "works"
> because traffic is passing back and forth through the firewall.  The
> flaw with this logic is that you don't know whether the firewall is
> really doing what it is meant to do, i.e. allow only what you want in a
> secure manner.  Of course, the problem is that it's not easy to determine
> whether the product is running "securely".
> 
> This is in general one of the big problems with security products.
> People get them and install them according to the vendor instructions.
> Traffic they want to pass through passes and the logs seem to be
> blocking what they don't want.  This means the firewall works, right?
> Unfortunately it may not.  This is the real dilemma behind the problem
> with FW-1 that started this thread.  It was assumed that the firewall
> was working because FTP traffic was passing, yet there was a flaw in the
> procedure.
> 
> The critical point is that security testing is orthogonal to
> functionality testing.  You cannot tell if your firewall (or other
> security product) is doing what is expected by simply looking at whether
> the traffic you want to allow through is working.  That is testing
> functionality, not security.  Unfortunately, most of the time the job
> requires functionality at the expense of security, but that's another
> story. (and truly testing the security is very hard)
> 
> There's a really good whitepaper that talks about security testing by
> Bruce Schneier "Security in the real world: how to evaluate security
> technology" at  <http://www.counterpane.com/publish.html>.  I just read
> this article last week and it was still fresh in my mind as I read your
> comments, so I thought it was worth sharing.  This is not a flame
> against you or any product, it's an issue we all have to deal with in the
> products we encounter and something we all need to keep in mind.
> 
> On another note, you might want to also consider Gauntlet as another
> potential firewall product for NT.  Not telling you it's better or worse
> than FW-1, but it does provide true proxy services for standard apps.
> Main problem I've seen with it is that it's generally quite a bit slower
> than SPF based solutions.
> 
> Regards,
> Kent
> 
> <snip>
> >>Everything is simpler and easier with a stateful inspection firewall,
> >>including shooting oneself in the foot.
> >
> <snip>
> >We're currently running a FreeBSD, TIS FWTK solution which works _really_
> >well.  It has been decreed however, that it is outdated and due for
> >replacement (I have no say in this decision).  So... I've evaluated
> >Firewall-1 and Raptor.  I found Raptor to be a low quality product, with
> >poor documentation, that didn't work as advertised.  I've set up Firewall-1
> >for other clients, and it seems to be doing the job quite well.  It's easy
> >to manage, and aside from the painfully slow logging interface, appears
> >quite reasonable.  It works as advertised, and comes with good documentation.
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]