Tuesday, September 25, 2007

firewall-wizards Digest, Vol 17, Issue 20

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Pix rulebase/policy analysis (James)


----------------------------------------------------------------------

Message: 1
Date: Mon, 24 Sep 2007 10:40:44 +1000
From: James <jimbob.coffey@gmail.com>
Subject: Re: [fw-wiz] Pix rulebase/policy analysis
To: "Firewall Wizards Security Mailing List"
<firewall-wizards@listserv.icsalabs.com>
Cc: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID:
<343aa4f80709231740t2613db18ibc6cb5d2b81f161f@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

On 9/23/07, Richard Golodner <rgolodner@infratection.com> wrote:
> My suggestions were based on the fact that he describes himself as
> new to the Pix. You make very good points regarding the text editor, but I
> have never had a problem using one.

That's the problem, you never have a problem until you have one ;-)

> Version drift is also a concern, but hopefully there is only one
> person actually making the changes to the device and maintaining the
> documentation. Even at some of the larger SPs I have worked at there was one
> person devoted to this task.

Wow, one person!!!! A point of failure, not to mention a security
risk (unless all changes are audited by another party). It must be a
low-change environment, which is great if you can get it, but I would
still worry about the getting-hit-by-a-bus scenario.

> Obviously you are a much younger person than me as you demonstrate
> insight into current technologies that an old man like me is just too lazy
> to incorporate. LOL!

I think it is the other way around. I am too lazy to maintain
multiple sets of doco when the devices can do it themselves. It's a
bit like coding: use variables and function names that have real
meaning and you can halve your code comments.

--
jac


------------------------------



End of firewall-wizards Digest, Vol 17, Issue 20
************************************************
