On 28/05/06 09:52 -0400, Marcus J. Ranum wrote:
> Devdas Bhagat wrote:
> This notion that security is a matter of degree is accurate in the large
> but inaccurate in the small. Unfortunately, we're all dealing with the
> small.

Not necessarily. This thread is dealing with the options in combining
components. Should we go with a large application in a box, a box with
multiple smaller applications put together by the vendor, or do we go
with multiple boxes, each doing one thing well?

While most of us would automatically say the third, the first offers
features and possible ease of management while the second offers ease of
management and the possibility that everything will work correctly with
minimum hassle.

The original question was about using the first or second option instead
of the third. What we have no clue about is what resources are being
defended, what the value of those resources is, what the time of the
management team for the firewalls costs, what resources are already

While the answers on this may say "Industry leaders say that we should
use multiple boxes", they do nothing to help answer the question of the
actual suitability of the system(s) in question to deliver a desired
level of security.

Devdas Bhagat
