> So why would Cyberguard, or any other product, be better
> configured? The same types of people, in the same organizations,
> would run it...

As a general observance, customers of CyberGuard, Secure Computing, or other
higher-than-average security products use more due diligence in selecting
products. That's why they selected the products in the first place.
Many of them will get evaluation units and actually run their own VA scans
to and through them to see how they hold up under load and malicious traffic
instead of relying on the pretty pictures in the glossy brochure.

I suspect that many (most?) mainstream product purchases are a result of an
exec seeing an ad in WSJ or other brand recognition and succumb to
marketspeak rather than making informed decisions through their own

Don't get me wrong, I've seen some pretty bonehead configurations on these
products too, especially when execs insist on stuff like raw native access
from outlook to exchange because it's "too hard" to use a VPN client. But as
a generalization, the admins of CG & SC are a pretty savvy lot. Smarter than
your average bear, even.

> or is Cyberguard
> only sold to admins that pass a cluefullness test?

No, but I try my best to sell them a clue by asking about their policy first
and how they expect the firewall to enforce it.


Disclaimer: Opinions are strictly my own. I represent the aforementioned

firewall-wizards mailing list