Re: Wrt54G is a FW appliance?


comp.security.firewalls archive

From: Greg Hennessy <me@privacy.org>
Date: Sun Jul 31 2005 - 20:41:57 CEST

On Sun, 31 Jul 2005 17:21:11 GMT, Leythos <void@nowhere.lan> wrote:

>> Better still please tell the audience why IPFilter
>>
>> http://coombs.anu.edu.au/~avalon/
>>
>> which runs on over half a dozen platforms and is shipped and supported by
>> Sun as standard on Solaris, is lacking in the firewall dept just because
>> it lacks thinly disguised marketing bollocks called 'certification'.
>
>If it's not been certified then how do you know it's really a firewall
>with REAL ability to protect? If there are no certifications, then what
>do you really know about the product?

If you need to ask that question, you really shouldn't be working as an IT
security professional.

Certification tells you SFA about any product or individual.

>If there is a standard acceptable level of protection, that seems to be
>accepted by the security community,

There isn't. RTFSP on all ICSA reports.

>Are you suggesting that all government agencies and corporate entities
>should be able to use IPFilter to reliably protect their LAN/DMZ areas
>because you say it's good enough?

A non sequitur. 'I' am not saying anything about its utility. 'I' am
pointing out the fallacy in your argument.

'I', have built secure environments for customers using all of the above
and some, because 'I' personally have taken the products in question and
tested them to such an extent that 'I' personally was satisfied with their
fitness for purpose.

Putting any security product into a customer site purely on the say so of
some untrusted third party is profoundly irresponsible.

 
>> I refrain from recommending products purely on the basis of a tickbox
>> marked 'certification'.
>>
>> If you had spent five minutes figuring out how and why Sveasoft manages to
>> convert a so-so broadband router into a truly useful firewalling
>> *appliance*,
>>
>> Then you wouldn't have asked such a profoundly daft question.
>>
>> http://www.sveasoft.com/content/view/3/1/
>
>Sure I would, as I don't see any certifying agency that claims it's
>secure.

Which has *what* to do with installing *anything* for one's customers.

You have personally tested everything you sell just to confirm that it does
exactly what it says on the tin ?

You are aware that marketing BS in no way reflects the real world
capabilities of any product ?

You are aware of the dictum 'process not product' ?

>I could push anything out there and "say" it's a firewall too,
>but until it's been tested against the industry standards and passed,
>there is no valid way to know just how good it is.

Uninformed nonsense.

>Maybe daft is believing that you don't need third-party validation of
>something that protects your home/business/corporation.

Will this '3rd party' indemnify me and/or my customers if their testing
and/or methodology is found wanting?

Who will my customers blame, if I install any product purely on the basis
of some 'third party validation' (to which I had no input) which was found
wanting in either performance or fitness for purpose ?

>[snipped list of features]
>
> When it's been tested by a certifying agency and passes, then it's a
>firewall,

No it damn well isn't. Read the small print.

> until that time we/you can hope that it's a firewall.

ROTFL! When was the last time you did a penetration test?

greg

-- 
"Access to a waiting list is not access to health care"
Received on Thu Sep 29 19:59:57 2005