This is a discussion on Re: [fw-wiz] FW appliance comparison - Seeking input for the forum - Firewalls ; > Though i think people who buy Checkpoint stuff are somehow non-representa= tive > (i think if one tried that with, say, Cyberguard, we'd see completely > different picture) the results are still scary. Damn scary. That means 80= % ...
> Though i think people who buy Checkpoint stuff are somehow non-representa=
> (i think if one tried that with, say, Cyberguard, we'd see completely
> different picture) the results are still scary. Damn scary. That means 80=
> firewalls could be thrown off with no further harm to security.
I've been meaning to stay away from this fun, but [by far] too bigoted
discussion, but this spiked my curiosity. What't wrong with Checkpoint
[in this context]? I have a sneaking suspicion that its the pretty
GUI. Am I correct?
However, I suspect that a "pretty GUI" is a reasons the results for
Cybergard (or, iptables, for that matter) will be way more horrendous.
A well-designed and intuitive rule UI will likely work to reduce the
errors made by the admins thus, indirectly, incresing security and the
value of a firewall.
On a related note, I was shocked when I've heard that some org was
choosing an anti-virus (from all things!) based on its management UI
intuitiveness, but it does make sense on some level: bad UI -> admins
hate the product -> its not used / not configured right -> security
Thus, "pretty UI" =3D "higher security" :-)
Fight on! :-)
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA http://www.chuvakin.org
firewall-wizards mailing list