
Friday, April 18, 2008

Wherefore art thou firewall?

I can't resist the opportunity to say "I told you so." Back when the Eligible Products Database was introduced, I asked at the train-the-trainer workshop, "What if a vendor certifies that a product is eligible, and USAC certifies that it's eligible, and later it's found not to be eligible? Who will end up paying?" The answer: "The applicant."

Today I saw an appeal where that's exactly what happened. Back when firewalls became eligible, security appliance vendors came out of the woodwork to claim their product was a firewall. I'm a network engineer who understands the eligibility rules, so my clients are safe, but what is a school business administrator to do when a vendor says that their product is eligible, and USAC agrees? They don't cover the difference between "stateful packet inspection" and "behavior-based threat detection" in professional development for educators or business administrators. And the definition in the Eligible Services List was nowhere near as cut-and-dry as saying "Firewall means Network Address Translation and/or stateful packet inspection, but not application-level proxying" (which was apparently the rule when firewalls were first added).

That's why the Eligible Products Database died. Not because it was cumbersome (it was), not because it was largely unknown (it was), but because USAC didn't stand behind it. And at least one applicant suffered.
