| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <41621.198.162.158.16.1088548096.squirrel@198.162.158.16> From: eric at arcticbears.com (Eric Paynter) Subject: PIX vs CheckPoint On Tue, June 29, 2004 2:34 pm, John Kinsella said: > On Tue, Jun 29, 2004 at 01:46:30PM -0700, Eric Paynter wrote: >> On Tue, June 29, 2004 11:59 am, James Patterson Wicks said: >> > CheckPoint's interface is very intuitive and easy to use. >> Easy to use in a "Microsoft" kind of way. Last I heard, it does nice >> things for you like always allow DNS traffic through, even if you have >> no port 53 rule and a deny all policy. How helpful! > > Sounds like somebody needs to learn how to run FW-1. There's several > "implied" rules which are set from Global Properties, and are only > displayed/logged if you specity to display/log implied rules. Lots of people need to learn it. That's the point. Like Windows, FW-1 has a nice pretty GUI that makes a novice administrator feel like a pro, while leaving gaping holes in security. These pretty GUIs and the sense of power they instill on novices is why we have millions of compromised systems connected to the Internet today. PIX may be a pain to learn, but, like Unix, you tend to see a more professional approach to its maintenance. It is a "once learned, easy to use" type interface. At one company I worked for, they started with FW-1. After a couple of years they switched to PIX. At first everyone was nervous - PIX had a CLI!! Scary!! What if mistakes are made?? Once the administrators had finished their Cisco training, they said they would never go back to FW-1 because the PIX interface was so much easier to use. -Eric
Powered by blists - more mailing lists