5,2 Firewall product functional summaries 119
Firewall product functional summaries
Current firewall product literature lacks true standards, a problem encoun-
tered by many firewall shoppers. Vendors naturally prepare marketing liter-
ature that puts their products in the best possible light and describes them
in ways that are appropriate to the company's design and sales philosophies.
However, standards have emerged in other areas of hardware and software,
both in terminology and the description of features. For example, when a
car brochure refers to antilock brakes or touts dual air bags, we can expect
these items to fall within certain parameters.
Hoping to apply this type of standardization to firewall product descrip-
tions, the ICSA Firewall Product Developers Consortium has supported a
solution, developed by Marcus Ranum of Network Flight Recorder, Inc.
(http://www.nfr.net), referred to as "Firewall Product Functional Summaries."
The purpose of the firewall product functional summary program is twofold:
1. To provide a structured format in which vendors can describe the
distinguishing features and advantages of their products
To provide a structured format from which potential firewall cus-
tomers can compare and contrast the features and design princi-
ples of firewall products
In other words, we want vendors to provide product information in a
format that allows potential firewall customers to make meaningful com-
parisons between products. Over the past three years, ICSA has collected
Firewall Product Functional Summaries from members of the Firewall
Product Developers Consortium and posted them on the ICSA web site.
Copies have also been made available on the Third Annual Firewall Buyer's
Guide CD. The summary format used in the program was derived through
an open process including firewall vendors, agencies of the computer-security
community, and the firewall customer community. Marcus Ranum coordi-
nated this cooperative industry effort.
The next two paragraphs describe the thinking behind the Firewall
Product Functional Summaries. The remainder of this section provides an
overview of what firewall shoppers will find in Firewall Product Functional
Summary documents.
Computer-security systems, like other mission-critical systems, must
have sound basic design principles, and the implementation of those prin-
ciples must be of high quality. When choosing a computer-security sys-
tem, then, the customer must have a means to judge the capabilities and
design principles of the system in terms of the protections required by
I Chapter 5
120 5.2 Firewall product functional summaries
that customer's intended deployment of the system. The Firewall Product
Functional Summary program permits manufacturers of computer-security
products to present their products and designs in the best possible light,
while adhering to a format that encourages accurate product comparison.
The summary format requests information from the vendor about design
decisions made in a number of important areas, yet tries to permit the
response to be as flee-form as necessary so as not to constrain the vendor
within the bounds of a narrow definition of what constitutes a firewall.
Since the network security field is dynamic and rapidly growing, new tech-
niques and terms are constantly brought into use. To provide a basis for
clear communication, the summary format includes a simple glossary of
terms and definitions. Vendors are welcome to define their own terminol-
ogy, distinct from the terms in the glossary, but are requested to provide
definitions in the glossary section for new terminology that is coined, and
to annotate them as such. Readers are encouraged to peruse the glossary
section for annotations and definitions of such new terms as may appear.
The following overview describes the contents of the sections included
in the Firewall Product Functional Summary documents.
Product summaries
This section includes basic identifying information, such as the corporate
name of the vendor and the product version to which this summary applies.
The purpose of this section is to prevent confusion and to allow the vendor
to supersede a version of the summary as a product is updated. The date of
publication of the summary is also given.
Executive overview
This section provides a one-paragraph summary of the product: what it
does and its distinguishing characteristics. The executive overview section
should be relatively free of technical jargon.
Description of firewall product functional
This is the standard text describing the purpose of the document, as para-
phrased above. It is included in each summary to explain to readers the phi-
losophy behind the document.

Get Internet Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.