From owner-freebsd-security Sat Oct 7 11:40:12 2000 Delivered-To: freebsd-security@freebsd.org Received: from firefly.prairienet.org (firefly.prairienet.org [192.17.3.3]) by hub.freebsd.org (Postfix) with ESMTP id CD7FA37B671 for ; Sat, 7 Oct 2000 11:40:01 -0700 (PDT) Received: from sherman.spotnet (slip-82.prairienet.org [192.17.3.102]) by firefly.prairienet.org (8.9.3/8.9.3) with ESMTP id NAA04385; Sat, 7 Oct 2000 13:39:49 -0500 (CDT) Date: Sat, 7 Oct 2000 13:39:57 -0500 (CDT) From: David Talkington X-Sender: dtalk@sherman.spotnet To: Craig Cowen Cc: Darren Reed , "freebsd-security@FreeBSD.ORG" Subject: Re: Check Point FW-1 In-Reply-To: <39DEDD2B.E5BF4463@allmaui.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- >Thanks, >They are going to put it on an NT machine. >They don't trust ipfilter or anything else that is not commercial. >Maybe I could get some suits to guarentee it with a corporate label. Two possible angles: a) it's natural for the boss to distrust what he or she doesn't understand (this is the most charitable explanation). If you have a good relationship with management, they truly care about data security, and they trust you, you'll have to understand their fear and try to educate them (by educating yourself to the nines). b) To a boss concerned about the bottom line, a purchase equals accountability (e.g., someone to sue when it breaks). This is (in my humble opinion) typical of management that doesn't really care about security of the company's data per se, but just wants their personal asses covered. Academics aside, you haven't said what your role is in this company, but if you're placed in a position of responsibility for an organization's security, and not given the authority to make decisions affecting that security, you'd better have a current resume. =) - -d - -- David Talkington Community Networking Initiative dtalk@prairienet.org 217-244-1962 PGP key: http://www.prairienet.org/~dtalk/dt000823.asc Craig Cowen wrote: > >Craig > >Darren Reed wrote: > >> In some mail from Craig Cowen, sie said: >> > >> > The big cheeses at work want to use check point instead of ipf or any >> > other open source solution. >> > Can anybody help me with vunerabilities to this so that I can change >> > thier minds? >> >> Tell them that IP Filter is the software which protects Firewall-1 from >> the Internet when running on Solaris - you have to go with naked FW-1 on >> NT. There are two factors to this equation, however. FW-1 is typically >> deployed on Solaris/NT machines although now the Nokia box makes up a >> large number of those sales. The Nokia boxes run IPSO which was, long >> ago, FreeBSD (I'm told it no longer bears much resemblence). >> >> Darren >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-security" in the body of the message > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message > -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.75-6 iQEVAwUBOd9uAb1ZYOtSwT+tAQFIYAf7B9wLYqVkBrHKbQp5Wmb+4CIwYZG7XLQH wcypMIu2pjjjvzzSq0DTK7GI0jWXn+1tcgUsID9S3MGseyZKDcmYIsjU0RlgzWBp AulCZ2xoBzpx9VK6Fca9OcOGgmJZFZwBDWgMaU2R0mifye2GMS3qtNPTZyBKa8lN jGRIa+YoWq9a8gc9N19fIvpML3xawfONSaP2kn0yvyFEMSV8PA/EP4CZe3qPq5/B gL6jwLger6G4Fn4pte+PCfsBckSEOGZ+pfUM5GqEbT6zXGkSusT+iypZYlEKAbBn WU14Pbb0Cv4bjeIbaYPpMLTFskiajQgfShM30zeJp05xNjjclc+NDw== =7L5Q -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message