Wrt54G is a FW appliance?

Yea, it was certainly ignorant of me to think you were able to understand simple concepts, that you might not be a troll.

Come back when you understand enough about OS's and applications to know that a derivative work is not the same as the original.

Reply to
Leythos

Facts taken out of context are what trolls use to divert from a subject and to play games - you're doing nicely as a troll.

Unlike you, I stand behind, beside, in front, of all my statements (in context) at all times and have no issues admitting when I've made a mistake. It's trollers like you that can't answer simple questions, and try and divert threads when they don't know enough to discuss the topics or to just have attention.

I never claimed it was based on OpenBSD, that's your brother stating that.

What part of understanding that a secure OS, meaning one that can be secured, has nothing to do with the installation of the OS being secure? Just because an OS "CAN" be secure does not mean that all installations of the OS are secure, nor does it mean that MOST installations of the OS are secure.

As is your complete lack of understanding and continued inability to provide information from a reputable source that indicates the 54g and the third-party firmware is a firewall.

Come back when you have some documented information from a reputable source on the 54g + third-party firmware as being a reliable / quality firewall system.

Reply to
Leythos

Yes, never denied it or disputed it. Being the most secure general purpose OS does not make its inclusion into the 54g package as secure, in fact, until the 54g and firmware is tested even you can't tell if they left a hole or any other exploit open.

You say things like that and then have brass to claim somebody else doesn't understand "enough about OS's and applications to know that a derivative work is not the same..."?

Am I being too kind by suggesting you are merely ignorant?

Reply to
Floyd L. Davidson

I think you don't comprehend what I said - OpenBSD has a clear reputation for being the most secure OS available, no dispute about that. What you fail to see is that it's only as secure as the installer makes it - which means that I (or anyone) could easily install OpenBSD on a box and screw up the configuration and it would be compromised.

What part don't you seem to understand about the above?

Reply to
Leythos

Oh FFS! Do grow up my little projecting cretin.

I quoted exactly where in

formatting link
Message-ID:

*you* asserted that OpenBSD was used in WRT54G

"Being the most secure general purpose OS does not make its inclusion into the 54g package as secure"

and less than 24 hours later you're attempting to deny making the statement.

Your own words make it more than self evident that you have absolutely no idea of the subject matter under discussion.

It's not the fault of the audience that your fragile defensive ego will not permit you to recognise this.

Please continue with the pathetic flailing in some childish attempt to have the last word.

One wouldn't be surprised if Watchguard doesn't ask you to get a grip and STFU before embarrassing them further by association.

greg

Reply to
Greg Hennessy


Yep, I said that, never denied saying that. But, if you could read, I also didn't say that it IS included. Since you've got to talk about OpenBSD in this thread, either you believe it's part of the thread or not, and since the thread is about the 54g and firmware, then you must have thought it (openBSD) was relevant to the 54g/firmware or you would not have brought it up first (unless you were trolling and using diversionary tactics). So, as I said, inclusion of OpenBSD into the 54g package doesn't make it secure. I did not say it "is" included, only that if it was included, that it would not make it secure.

Why do you keep going back to WG, do you have some vendetta against WG? Is that what this is really about - you have some hidden agenda to slam WatchGuard?

Keep failing to address the subject of the thread - you're doing good at avoiding the question and answer.

Reply to
Leythos


Unbelievable......

A hysterical attempt at diversion......

Reply to
Greg Hennessy

I'm sure that just as you can screw up the configuration of OpenBSD, you can screw up the configuration of *every* model that has been certified by ICSA too.

Your logic leaves a great deal to be desired, and adding in these silly statements like "What part don't you..." at every point where you are confused is not helping you to learn.

Reply to
Floyd L. Davidson

...

In addition to being logically challenged, you don't read English well.

Reply to
Floyd L. Davidson

So, then you agree with me - just because someone installs OpenBSD, that it doesn't make it a secure installation. Which is the entire point of this thread - just because someone writes new firmware for a device and calls it a firewall, that doesn't make it a firewall.

Now that we agree that openBSD isn't always secure, that something called a firewall without testing/certification may not be a firewall, I don't see what your problem is.

Reply to
Leythos

So, then you agree with me - just because someone installs an ICSA certified model, that it doesn't make it a secure installation. Which is the entire point of this thread - just because someone pays for ICSA certification for a device and calls it a firewall, that is not what makes it a firewall.

Now that we agree that ICSA certified equipment isn't always secure, that something called a firewall with testing/certification may not be a firewall, I don't see what your problem is.

(Actually though, I do see that you can't follow logic, and don't have enough background to understand a discussion of firewall technology.)

Reply to
Floyd L. Davidson

I agree that nothing installed by anyone human without further testing can be considered as fully secure. Where you fail to understand things is that a Firewall solution that has been passed/tested and documented as being secure is far more likely to be a viable security solution than something that's not been tested by any reputable agency.

The entire point is that by using known certified/tested products that have documented test methods and result sets, we don't have to put them through the same tests on our own in order to determine if they MIGHT be securable. Certification means that in a documented test under specific conditions, that the device didn't break.

Without certification or other reputable testing and publishing of the results, you start at square one with the device and have no basis to judge if the product is worthy or not.

When I purchase a device that has passed testing methods considered by the community as being of a quality nature and indicative of calling the device certified as a firewall, I have an expectation that the device will perform as a firewall. When I download some third-party firmware that's not been reviewed by some reputable agency I don't have any expectations that the firmware qualifies as a "Firewall" solution in any manner - I see it as strictly a test/project/toy.

Wrong, if the device is tested and passes, it's a firewall at the point it was tested. That doesn't mean you can't misconfigure it, but it does mean that it passed specific testing methods and results that are documented that you and I can look at to determine, without having to do the testing ourselves, that the device meets criteria x,y,z as a firewall. Without certification or other reputable testing you don't know what criteria the device meets and you don't have any reason to expect it to perform as a firewall (or anything else).

If you can't understand my reply in this post you can't grasp the concepts enough to be worth any more of my time.

Reply to
Leythos

That is true. Now if you only understood what you are saying!

The "further testing"... can't be done *before* hand, so your insistence that some similar configuration be certified by ICSA is simply not valid.

Your understanding of "reputable agency" is simply *wrong*.

IPfilter and IPtables have both passed the test of time and scrutiny by a much more stringent agency than ICSA (though in fact, both have obviously been tested and passed by ICSA).

Since you *don't* *duplicate* the same configuration, you don't know any more about how secure it is than you do about any other implementation.

Now if only you understood what you are saying. ICSA certifies an IPtables implementation on one device... and you say the *device* is therefore a firewall, but IPtables isn't.

Yet your configuration of IPtables is just as untested on that one device as it is on *any* *other* device using IPtables.

The fact is they *are* all using the same IPtables, and it is just as likely to "perform as a firewall" on *any* of them.

The same is true of the IPfilter software.

...

Your reply was not logical, and you continue to make invalid statements.

Reply to
Floyd L. Davidson

It's certification on a specific device with specific firmware running the device, does not mean that the IPTables installation on another device is also secure. This is the part you need to understand, just because it's got IPTables in the system does NOT mean it's secure.

But the thing you have always missed is that if I take a certified appliance and install it, by default it's supposed to be secure until I make changes. Then, if I follow the proper process as documented by the certification and vendor, it should still remain secure.

Your IPtables setup running in an untested/uncertified solution has no base level to start with, and could very well be unsecured by default.

That's what separates the men from the boys - men don't "assume" that just because it has IPTables installed, that it's in any manner secure, only that it has IPTables running. There is nothing to indicate that any device running IPTables is as good as any other device, unless you have documented testing/results showing such.

And the same is true again - installation does not ensure security and installation on unproven platforms without certification or other reputable testing is just plain stupid for a business solution.

Reply to
Leythos
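
An added illustration of the point both sides circle in this thread (not code from any poster): the same iptables can be loaded default-open or default-deny, and only the ruleset itself shows which. The two `iptables-save` dumps are constructed, and the interface names `vlan1` (WAN) and `br0` (LAN) are assumptions.

```python
# Added example: constructed iptables-save dumps, not taken from the thread.
# Interface names (vlan1 = WAN, br0 = LAN) are assumptions.
OPEN_BY_DEFAULT = """*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 23 -j DROP
COMMIT
"""
DEFAULT_DENY = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o vlan1 -j ACCEPT
COMMIT
"""

def audit_baseline(dump, wan_if="vlan1"):
    """Return findings for the filter table: non-DROP policies and
    rules that accept everything arriving from the WAN side."""
    findings, table, policies, rules = [], None, {}, []
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif table == "filter" and line.startswith("-A "):
            rules.append(line.split())
    for chain in ("INPUT", "FORWARD"):
        policy = policies.get(chain, "missing")
        if policy != "DROP":
            findings.append(f"{chain} default policy is {policy}, not DROP")
    for tok in rules:
        flags = {t for t in tok[2:] if t.startswith("-")}
        in_if = tok[tok.index("-i") + 1] if "-i" in tok else None
        target = tok[tok.index("-j") + 1] if "-j" in tok else None
        # Only interface/target options and no negation: nothing narrows the match.
        unconditional = flags <= {"-i", "-o", "-j"} and "!" not in tok
        if (tok[1] in ("INPUT", "FORWARD") and target == "ACCEPT"
                and unconditional and in_if in (None, wan_if)):
            findings.append(f"{tok[1]} accepts all traffic from WAN: {' '.join(tok)}")
    return findings

if __name__ == "__main__":
    for name, dump in (("open", OPEN_BY_DEFAULT), ("deny", DEFAULT_DENY)):
        print(name, audit_baseline(dump) or "baseline OK")
```

A clean result here only describes the loaded ruleset's baseline; it says nothing about services listening on the device or flaws in the firmware itself.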
