5,2 Firewall product functional summaries 119
Firewall product functional summaries
Current firewall product literature lacks true standards, a problem encoun-
tered by many firewall shoppers. Vendors naturally prepare marketing liter-
ature that puts their products in the best possible light and describes them
in ways that are appropriate to the company's design and sales philosophies.
However, standards have emerged in other areas of hardware and software,
both in terminology and the description of features. For example, when a
car brochure refers to antilock brakes or touts dual air bags, we can expect
these items to fall within certain parameters.
Hoping to apply this type of standardization to firewall product descrip-
tions, the ICSA Firewall Product Developers Consortium has supported a
solution, developed by Marcus Ranum of Network Flight Recorder, Inc.
(http://www.nfr.net), referred to as "Firewall Product Functional Summaries."
The purpose of the firewall product functional summary program is twofold:
1. To provide a structured format in which vendors can describe the
distinguishing features and advantages of their products
To provide a structured format from which potential firewall cus-
tomers can compare and contrast the features and design princi-
ples of firewall products
In other words, we want vendors to provide product information in a
format that allows potential firewall customers to make meaningful com-
parisons between products. Over the past three years, ICSA has collected
Firewall Product Functional Summaries from members of the Firewall
Product Developers Consortium and posted them on the ICSA web site.
Copies have also been made available on the Third Annual Firewall Buyer's
Guide CD. The summary format used in the program was derived through
an open process including firewall vendors, agencies of the computer-security
community, and the firewall customer community. Marcus Ranum coordi-
nated this cooperative industry effort.
The next two paragraphs describe the thinking behind the Firewall
Product Functional Summaries. The remainder of this section provides an
overview of what firewall shoppers will find in Firewall Product Functional
Computer-security systems, like other mission-critical systems, must
have sound basic design principles, and the implementation of those prin-
ciples must be of high quality. When choosing a computer-security sys-
tem, then, the customer must have a means to judge the capabilities and
design principles of the system in terms of the protections required by
I Chapter 5