> Though i think people who buy Checkpoint stuff are somehow non-representa=
tive
> (i think if one tried that with, say, Cyberguard, we'd see completely
> different picture) the results are still scary. Damn scary. That means 80=

%
> firewalls could be thrown off with no further harm to security.


I've been meaning to stay away from this fun, but [by far] too bigoted
discussion, but this spiked my curiosity. What't wrong with Checkpoint
[in this context]? I have a sneaking suspicion that its the pretty
GUI. Am I correct?

However, I suspect that a "pretty GUI" is a reasons the results for
Cybergard (or, iptables, for that matter) will be way more horrendous.
A well-designed and intuitive rule UI will likely work to reduce the
errors made by the admins thus, indirectly, incresing security and the
value of a firewall.

On a related note, I was shocked when I've heard that some org was
choosing an anti-virus (from all things!) based on its management UI
intuitiveness, but it does make sense on some level: bad UI -> admins
hate the product -> its not used / not configured right -> security
suffers.

Thus, "pretty UI" =3D "higher security" :-)

Fight on! :-)

Best,
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA http://www.chuvakin.org
http://www.securitywarrior.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/li...rewall-wizards