On Fri, 2005-11-18 at 11:39 -0800, Jim Harrison (ISA) wrote: > To tell the truth, I'm surprised at the lack of ISA / MS bashing in this > thread.
I think it has been quite decent too, although it is the Focus-MS list so you'd expect most of the bashers to just not subscribe. > Is it an indication of MS' place in the general security > community, a general lack of interest in ISA or the holiday season > approaching? The world may never know... ISA rocks and as James has said he's a major fan of the system. There is no doubt that ISA is a great system and worth using in a lot of scenarios, I personally love it. Although I know it does have some failings, not to admit that would just be silly as one system can't do everything and do it without flaw - although ISA tries very hard at this and holds together quite well. > Following this context, we then examine the exploits and compromises > each firewall product *itself* has experienced; i.e, that attack that > succeeded in the context of the firewall code itself. > It's in this context where I state that ISA has experienced no reported > compromises. You don't state whether or not that is unique here though although you phrase it as if it is, personally I don't *believe* it is, although I have seen no study on this to prove it either way and haven't undertaken the study myself. By this I mean something properly independent, not vendor funded - which most research in areas like this tends to be. > Also, ISA (and to be fair; the aforementioned competitors) is far more > than a simple "firewalling stack". What separates ISA from the others > is the fact that ISA has and continues to "lead the pack" in L4+ > inspection. Indeed, easily the strongest selling points of the system. I said it before, nothing comes close to ISA when you want to work with RPC. -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue "He who hingeth aboot, geteth hee-haw" Victor - Still Game blog: http://reboot-robot.net sites: http://www.bsrf.org.uk - http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3
smime.p7s
Description: S/MIME cryptographic signature
