At 10:39 AM -0500 4/1/98, Jody Patilla wrote: > I refer to this as the Mojo Bag Theory of Firewall Purchase. The >idea is that you buy one and just having it keeps away the evil eye. :-) >(Burning incense in front of the firewall may or may not be a "best >practice", depending on the particular shaman, er, consultant, that you >call in to do the eval.) Waving a rubber chicken (painted NCSC Orange) is believed to be effective in some environments. We get occasional requests for it, but I've come to dislike the marathon dance that goes with it. However, once you discard the moral and technical absolutism that goes with such regimes, you've simply substituted one form of shamanism for another. And this is our pivotal philosophical problem: just what in heck *are* we trying to do with our magic potions and products, anyway? I've spent the past half hour trying to pen some erudite statement on this. I seem to favor "deterrence" as a central concept these days, tho' such a stance makes it harder for me to run down competing "inferior" products. If deterrence is the main thing, then just about anything except pure placebo is going to give some (albet modest) level of deterrence. So just about any firewall that's got enough gumption to block ICMP traffic on request is "ready for prime time" as far as some customers are concerned. What a depressing thought. Rick. rsmithat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:53:58 PDT