Firewall Wizards mailing list archives
RE: Opinion: Worst interface ever.
From: "Eugene Kuznetsov" <eugene () datapower com>
Date: Wed, 6 Jul 2005 09:11:57 -0400
I recall this argument all to well during the early days of implementing firewalls. Customers used to go gaga over some X11 based UI from some vendor versus a curses based ui, that was simple to use and less than 7 or 8 config options and a customer's firewalls was up and protecting their network from the baddies.
Exactly... The sad reality is that many (even majority) of people charged with buying "security products" today will choose a provably insecure solution (e.g., known exploits) with a "prettier/easier" UI over one that has better security attributes but less attractive. This gets progressively worse as you move from Layer2/3 security to Layer7 & up application security or identity management. Of course, a great commercial product should and does have both. But the interesting question for the professional is that if you have a vendor evaluation matrix that looks like this: Vendor: UI: Security: AliceBox B- A MalloryBox A+ C What is the choice that gets made? Sadly, it's MalloryBox, almost always. Because, you know, you can *SEE* what's wrong with AliceBox, while the security parameters are "subtle" and "subjective". Before anyone else says it: obviously there's a point where a UI can be so bad that it compromises the security achievable with it. Paul's example may fit into that case, but I think it's important to stand up for security as the first and dominant criteria. \\ Eugene Kuznetsov, Chairman & CTO : eugene () datapower com \\ DataPower Technology, Inc. : Web Services security \\ http://www.datapower.com : XML-aware networks _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Opinion: Worst interface ever., (continued)
- Re: Opinion: Worst interface ever. Jan Tietze (Jul 06)
- Re: Opinion: Worst interface ever. Dave Piscitello (Jul 18)
- Re: Opinion: Worst interface ever. sin (Jul 21)
- RE: Opinion: Worst interface ever. Paul D. Robertson (Jul 05)
- Firewall Log Analysis - Computer vs. Human Adrian Grigorof (Jul 06)
- Re: Firewall Log Analysis - Computer vs. Human Kevin (Jul 06)
- Re: Firewall Log Analysis - Computer vs. Human Devdas Bhagat (Jul 06)
- RE: Firewall Log Analysis - Computer vs. Human Paul Melson (Jul 19)
- RE: Opinion: Worst interface ever. Mark Teicher (Jul 06)
- RE: Opinion: Worst interface ever. Eugene Kuznetsov (Jul 06)
- RE: Opinion: Worst interface ever. Paul D. Robertson (Jul 06)
- Re: Opinion: Worst interface ever. Ian Rae (Jul 06)