[Full-Disclosure] [OFFTOPIC] Zone Alarm

From: Kurt Seifried (listuser_at_seifried.org)
Date: 06/05/03

  • Next message: Eric N. Valor: "Re: Re: [Full-Disclosure] Zone Alarm"
    To: "Michael Reilly" <michaelr@cisco.com>, "Schmehl, Paul L" <pauls@utdallas.edu>
    Date: Wed, 4 Jun 2003 16:21:06 -0700
    

    Increased complexity is not a good thing. Think about it folks:

    Solution A) PC with zonealarm, relatively easy to configure (it's what I
    reccomend to most users).

    Solution B) Hardware firewall with potential security flaws such as web
    interface, firmware flaws, etc. Difficult for user to update, if firmware
    update fails product is largely "Dead". None of these systems I have seen
    have automated updates or even prompt the user to check for new software
    versions/etc. Result: firmware falls out of date, web interface/etc possibly
    exposed, increased exposure for user.

    Solution C) a PC with some form of UNIX installed to act as a firewall. User
    needs to learn to become UNIX administrator, configure and update system.
    You are kidding right? This opens up a HUGE number of potential
    vulnerabilities, increases complexity hugely, and costs quite a bit as well.

    This is insane.

    NOW PLEASE LET'S KILL THIS THREAD. DO NOT REPLY TO THIS PUBLICLY.

    Kurt Seifried, kurt@seifried.org
    A15B BEE5 B391 B9AD B0EF
    AEB0 AD63 0B4E AD56 E574
    http://seifried.org/security/

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Eric N. Valor: "Re: Re: [Full-Disclosure] Zone Alarm"