admin tools and their usefulness. EmBSD is an embeddable teardown of
OpenBSD. Read from the middle down, then the top, for maximum understanding.
To: embsd@research.suspicious.org
Subject: OT : clients, was: [embsd] Re: Management interface
<Offtopic tangent=clients>
The people who I sell firewalls to, run Windows and related garbage. This
is the current scheme by which I'm trying to pay bills..
Part of the reason they need a firewall is what they run. If they were all
running properly administered OBSD boxen on their desks, they would
be a lot safer.
If they had a full-time security admin, they'd be safer.
They want to run crap software, and they can't afford a fulltime security admin,
so I (we) try and get them the next best thing, which is a tightly secured firewall
appliance gizmo that in it's default configuration improves their security immensely
(NAT + stateful filtering, etc) .
But: They paid for the thing, and (hopefully) have a service contract, so if
they want to 'configure' it or want me to, then that's fine: It makes it more useful,
and hopefully I get paid for the work.. And how else would VPNs work?
We don't have opportunistic enc[r]yption yet, do we?
Hopefully that assists in your understanding of the problem we're trying to solve.
Something close to 80% of the desktops in the world run Windows, and we'd
be fools to assume all those Linux, Solaris, and Mac desktops are much
more secure by default..
</offtopic rant about clients>
At 05:04 PM 4/23/01 -0700, you wrote:
On Mon, Apr 23, 2001 at 07:47:52PM -0400, Rob Funk wrote:
> You misunderstand me. Firewall admins are users of the firewall.
> They are not necessarily developer-types who run Unix and always have
> a terminal window handy. In fact, they probably run Windows on their
> desktop more often than not.
> They often like happy-friendly graphical configurator interfaces.
Did I read that correctly? Did you *actually* just say that Firewall
admins usually run Windows?
Wow.
The cluetrain station is that way. --> Train leaves in 3 minutes. If
you hurry, you can still catch it....
Michael