North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 andVPN-1
Christopher L. Morrow [2/5/2004 10:45 PM] : of course, but you do have to contend with the fact that it takes at least some amount of IQ beyond the point and click level to fire up vi and use a command line interface. :)Sure, anything is dangerous in the 'right' (wrong?) hands. Is the fault with the vendor or the person(s) implementing or the 'management' of said person(s)? Even an openbsd firewall is a problem if not properly admin'd. Neal Stephenson's "in the beginning was the command line" is an interesting take on this, I think. Actually, the problem is that when dealing with a bunch of know it alls like that, even waving manufacturer's documentation in front of them doesn't really helpNope, but pointing out their failures in a sensible manner to their management is helpful... sometimes atleast :( Failing any action there the whole group is just shooting themselves in the foot and there isn't much you can do about that, is there? (except to get out of the blast radius) Like my friend's cable ISP, that recently turned on "smtp fixup" on a cisco pix on port 25 across their entire network. He's got a static IP, runs linux + postfix, and is still left with a completely crippled mailserver (no AUTH, no TLS, no ESMTP ...) thanks to this. Waving cisco docs at them doesn't seem to have helped at all. [Moving is tough, they are the only broadband in the bangalore suburb where he lives] -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
|