On Wednesday, January 25, 2006 10:19 AM, ArkanoiD so spake:
> Though I think people who buy Checkpoint stuff are somehow
> non-representative (I think if one tried that with, say, Cyberguard,
> we'd see a completely different picture) the results are still scary.
> Damn scary. That means 80% of firewalls could be thrown off with no
> further harm to security.

Now wait a minute...I won't argue the "Checkpoint buyers may be
non-representative" statement, but that's too much of a jump of logic
for me to go from "misconfigured firewalls" to "firewalls [that] could
be thrown off with no further harm to security," especially because the
study only looked at 12 representative[1] components of the ruleset (2
of which were admittedly controversial). Surely having the firewall,
even with all 2 "errors" is better than having no firewall at all. A
more realistic conclusion could be that having more than half
(two-thirds? etc.) of the representative errors indicates that the
administrator either doesn't know what he/she is doing, or was forced by
mgmt to configure it in a non-secure manner (or both).

Jeff

[1] As representative as possible, given the potentially hundreds or
thousands of possibilities. The fact that such a study was even done at
least gives one a gauge from which to guide new/seasoned admins. I look
at it like the SANS Top 10 security holes, that gives one another data
point from which to learn.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/li...rewall-wizards