Re: Wrt54G is a FW appliance?

From: Greg Hennessy (me_at_privacy.org)
Date: 07/31/05


Date: Sun, 31 Jul 2005 19:41:57 +0100

On Sun, 31 Jul 2005 17:21:11 GMT, Leythos <void@nowhere.lan> wrote:

>> Better still please tell the audience why IPFilter
>>
>> http://coombs.anu.edu.au/~avalon/
>>
>> which runs on over half a dozen platforms and is shipped and supported by
>> Sun as standard on Solaris, is lacking in the firewall dept just because
>> it lacks thinly disguised marketing bollocks called 'certification'.
>
>If it's not been certified then how do you know it's really a firewall
>with REAL ability to protect? If there are no certifications, then what
>do you really know about the product?

If you need to ask that question, you really shouldn't be working as an IT
security professional.

Certification tells you SFA about any product or individual.

>If there is a standard acceptable level of protection, that seems to be
>accepted by the security community,

There isn't. RTFSP on all ICSA reports.

>Are you suggesting that all government agencies and corporate entities
>should be able to use IPFilter to reliably protect their LAN/DMZ areas
>because you say it's good enough?

A non sequitur. 'I' am not saying anything about its utility. 'I' am
pointing out the fallacy in your argument.

'I', have built secure environments for customers using all of the above
and some, because 'I' personally have taken the products in question and
tested them to such an extent that 'I' personally was satisfied with their
fitness for purpose.

Putting any security product into a customer site purely on the say so of
some untrusted third party is profoundly irresponsible.

 
>> I refrain from recommending products purely on the basis of a tickbox
>> marked 'certification'.
>>
>> If you had spent five minutes figuring out how and why Sveasoft manages to
>> convert a so-so broadband router into a truly useful firewalling
>> *appliance*,
>>
>> Then you wouldn't have asked such a profoundly daft question.
>>
>> http://www.sveasoft.com/content/view/3/1/
>
>Sure I would, as I don't see any certifying agency that claims it's
>secure.

Which has *what* to do with installing *anything* for one's customers.

You have personally tested everything you sell just to confirm that it does
exactly what it says on the tin ?

You are aware that marketing BS in no way reflects the real world
capabilities of any product ?

You are aware of the dictum 'process not product' ?

>I could push anything out there and "say" it's a firewall too,
>but until it's been tested against the industry standards and passed,
>there is no valid way to know just how good it is.

Uninformed nonsense.

>Maybe daft is believing that you don't need third-party validation of
>something that protects your home/business/corporation.

Will this '3rd party' indemnify me and/or my customers if their testing
and/or methodology is found wanting.

Who will my customers blame, if I install any product purely on the basis
of some 'third party validation' (to which I had no input) which was found
wanting in either performance or fitness for purpose ?

>[snipped list of features]
>
> When it's been tested by a certifying agency and passes, then it's a
>firewall,

No it damn well isn't. Read the small print.

> until that time we/you can hope that it's a firewall.

ROTFL! When was the last time you did a penetration test?

greg

-- 
"Access to a waiting list is not access to health care"

