lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <002501c45e2e$6b6dc8c0$c900a8c0@tcnet001>
From: tom.curry at telus.net (Tom Curry)
Subject: PIX vs CheckPoint

I would agree! We tried to implement Checkpoint but as the deadline
approached we returned the product and implemented a PIX solution. We
retained experienced help for the install/setup since we had only two weeks
remaining after being abused by Checkpoint support for a month, but after
some training we were able to bring everyhting in-house easily. Now been
running for 4 years and we haven't had any downtime. 

Doesn't hurt the resume to list Cisco experience either....

-Tom

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Eric Paynter
Sent: June 29, 2004 4:28 PM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] PIX vs CheckPoint


On Tue, June 29, 2004 2:34 pm, John Kinsella said:
> On Tue, Jun 29, 2004 at 01:46:30PM -0700, Eric Paynter wrote:
>> On Tue, June 29, 2004 11:59 am, James Patterson Wicks said:
>> > CheckPoint's interface is very intuitive and easy to use.
>> Easy to use in a "Microsoft" kind of way. Last I heard, it does nice 
>> things for you like always allow DNS traffic through, even if you 
>> have no port 53 rule and a deny all policy. How helpful!
>
> Sounds like somebody needs to learn how to run FW-1.  There's several 
> "implied" rules which are set from Global Properties, and are only 
> displayed/logged if you specity to display/log implied rules.

Lots of people need to learn it. That's the point. Like Windows, FW-1 has a
nice pretty GUI that makes a novice administrator feel like a pro, while
leaving gaping holes in security. These pretty GUIs and the sense of power
they instill on novices is why we have millions of compromised systems
connected to the Internet today.

PIX may be a pain to learn, but, like Unix, you tend to see a more
professional approach to its maintenance. It is a "once learned, easy to
use" type interface. At one company I worked for, they started with FW-1.
After a couple of years they switched to PIX. At first everyone was nervous
- PIX had a CLI!! Scary!! What if mistakes are made?? Once the
administrators had finished their Cisco training, they said they would never
go back to FW-1 because the PIX interface was so much easier to use.

-Eric

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ