Linux Based Firewalls

[bmcculley at rcn.com]

Jumping in on a couple of points here...


---- Original message ----
>Date: Tue, 18 Nov 2003 19:48:35 -0500 (EST)
>From: bscott at ntisys.com  
>Subject: Re: Linux Based Firewalls  
>To: Greater NH Linux User Group <discuss at gnhlug.org>
>
>On 14 Nov 2003, at 10:16am, lists at karas.net wrote:
>> Not to slight you, but I can find many companies that will
support other
>> vendors products, but I want a channel into the actual mfgr.

I also care about the quality of that channel.  I've had too
many experiences with major vendors whose service
organizations have been value-engineered to death, outsourced
overseas, and generally emasculated in the hopes that with
sufficient base product quality the failure rate will be low
enough that vendor lockin will have preceded discovery of the
futility of those service channels.  Basic counterstrategy is
customer self-reliance and resiliancy to engineer avoidance of
single points of failure.  Open source facilitates both.


>> So, when we see very "odd" occurrences of problems, that
are often due to
>> a firmware bug, we can get a direct answer.
>
>  This is even better.  I'm sure everyone has experienced a
vendor who says,
>"Oh, no, it couldn't *possibly* be a bug in our product.  You
must be doing
>something wrong."  And then, of course, it turns out that it
*is* a bug,
>they just didn't want to admit it.  With Open Source, you've
got the source.  
>Suspect a bug?  Check the code and prove it.

May not be that they don't want to admit it, they may not even
know it, at the level you can reach in the support org.

>> My concern isn't in making it work, or handling the general
oddities, it's
>> when things go REALLY wrong.  At 2AM.  On a Saturday.
During the
>> holidays...

Whose holidays?  Overseas outsourcing of service desks by some
vendors can be a benefit here if the holiday seasons are
different, but then that never seems to offset the other problems.


Just another cynical view...

-Bruce McCulley
freelance CISSP