Forgive me for saying so (or don't), but that's damn silly.
If you're serious about security, you'll start with requirements, not
products. Define your requirements in terms of risk, availability,
performance, functionality, etc. Then find the product that fits.
Maybe it's FW-1 (it often is). Or maybe it's Gauntlet, or the LMF, or
PIX, or something totlally different like HP VVOS.
But if you prejudge the "winning" product without going through a
genuine requirements process, everyone loses.
Re. FW-1 and Gauntlet, the two products are certainly very different,
but there are things each one does far better than the other. Since
you only seem to perceive FW-1's virtues, let me mention a few areas
where Gauntlet leaves FW-1 in the dust:
- A real, working, SMTP proxy, so you don't have to expose an Exchange
or other soft SMTP listener to an (albeit "inspected") end-to-end TCP
session (and don't tell me FW-1's SMTP Security Server works, since it
doesn't).
- Real Oracle support, both for SQL*Net 2.x and Net8 -- not the
brainless "allow almost everything if it's tcp/1521 or tcp/1526"
approach taken by FW-1, but real parsing of Oracle network datastreams
to the level of permitting or denying access to particular database
instances on the same IP, logging all TNS operations, etc.
- Repeat the above point for IIOP, H.323, X.400, X.500, etc. (If you
actually read some of the INSPECT code on FW-1, you'll be surprised by
how shallow "inspection" can sometimes be).
- On-board anti-virus. That's right, a no-extra-product, no-extra-box,
no-extra-cost A-V engine right on the firewall, for SMTP, FTP, and/or
HTTP -- which actually works, unlike all the CVP solutions which fall
on their collective faces on a regular basis.
So: forget your prejudices. Figure out your requirements. Then go
find a product (FW-1, Gauntlet, other) that meets the requirements.
Every other way leads to silliness, not security.
--
.
. Richard Reiner, Ph.D.
. FSC Internet Corp. / SecureXpert Labs
. The FSC Building, 188 Davenport Rd.,
. Toronto, Ontario, Canada M5R 1J2
. +1 416 921 4280, Fax +1 416 966 2451
. [EMAIL PROTECTED], [EMAIL PROTECTED]
. www.fscinternet.com, www.securexpert.com
.
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 20, 2000 3:40 PM
> To: [EMAIL PROTECTED]
> Subject: FW: [FW1] Any Gauntlet haters - need to sell FW-1
>
>
>
> Hello all,
>
> Can anyone give me some dirt on Gauntlet (besides what Checkpoint's
> Marketing materials give)? I need to ensure that a customer knows that
> FW-1 is the way to go... I thought that they would appreciate that
> Gauntlet is a Proxy that only supports 26 protocols, but any
> other info
> would be very much appreciated!
>
> Thanks!
> Chuck.
>
>
>
>
> ==============================================================
> ==================
> To unsubscribe from this mailing list, please see the
> instructions at
> http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
