Firewall Wizards mailing list archives

RE: Opinion: Worst interface ever.


From: "Eugene Kuznetsov" <eugene () datapower com>
Date: Wed, 6 Jul 2005 09:11:57 -0400

I recall this argument all too well during the early days of 
implementing firewalls.  Customers used to go gaga over some X11 
based UI from some vendor versus a curses based ui, that was simple 
to use and less than 7 or 8 config options and a customer's firewall 
was up and protecting their network from the baddies.

Exactly... The sad reality is that many (even a majority) of people charged
with buying "security products" today will choose a provably insecure
solution (e.g., known exploits) with a "prettier/easier" UI over one that
has better security attributes but is less attractive. This gets progressively
worse as you move from Layer2/3 security to Layer7 & up application security
or identity management. 

Of course, a great commercial product should and does have both. But the
interesting question for the professional is that if you have a vendor
evaluation matrix that looks like this:

Vendor:         UI:     Security:
AliceBox        B-      A
MalloryBox      A+      C

What is the choice that gets made? Sadly, it's MalloryBox, almost always.
Because, you know, you can *SEE* what's wrong with AliceBox, while the
security parameters are "subtle" and "subjective". 

Before anyone else says it: obviously there's a point where a UI can be so
bad that it compromises the security achievable with it. Paul's example may
fit into that case, but I think it's important to stand up for security as
the first and dominant criterion. 


\\ Eugene Kuznetsov, Chairman & CTO  : eugene () datapower com 
\\ DataPower Technology, Inc.        : Web Services security 
\\ http://www.datapower.com          : XML-aware networks   

