RE: [fw-wiz] so much for "deny all"

From: Dave Piscitello (dave_at_corecom.com)
Date: 06/12/05

    To: "Tina Bird" <tbird@precision-guesswork.com>
    Date: Sun, 12 Jun 2005 09:12:07 -0400
    
    

    On 10 Jun 2005 at 14:51, Tina Bird wrote:

    > > From: Dave Piscitello [mailto:dave@corecom.com]
    > >
    > > This is very good publicity for firewall vendors not in the list who
    > > provide a default "DENY ALL" in policy configuration. I'll enjoy
    > > tormenting friends at these companies over this:-)
    >
    > I guess that's one way to look at it. I'd like to think that folks at
    > those companies will be cringing

    for the record, I did mention this to one of the companies listed and
    they are mortified.

    > real world as defined by Gartner.

    strip the adjective

    > Well, the company at which I did my first firewall install replaced
    > the whole shebang within a year of my leaving, claiming that my
    > rock-solid Sidewinder infrastructure was too hard to manage

    This could begin a new thread entirely: change introduced under the
    guise of "complexity" when it really is "we downsized our expertise
    and can't do what we did before".

    > I have seen several organizations replace firewall or VPN
    > architectures, and almost never for a technical reason - almost always
    > for political or financial ones.

    I've seen SSL VPNs replace IPsec RA VPNs, but the firewall remains
    and continues to terminate site-to-site IPsec.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

