To quote Bruce Schneier, “well-designed security systems fail gracefully”. This means, for example, that when the ISA firewall service fails, it closes off network connectivity entirely (i.e. retains security) instead of opening your entire network up (i.e. decreases security).
This week SonicWALL’s license servers suffered a glitch, rendering thousands of customer units useless and leaving the customers’ networks open to attack. The affected devices included firewall and email security appliances.
Security appliances are popular for no good reason at all. The decision maker in many organisations falls for marketing hype that a “hardware firewall” is better than the alternative, ignoring the obvious fact that the appliance is ultimately no different to any other firewall: a piece of hardware running a secure OS and firewall features.
When purchasing a firewall or security product, the decision should be based on fact rather than perception. I’m sure no SonicWALL customer ever imagined that the company could make an error on their license servers that would compromise their security in such a manner. It’s worth noting that once your Microsoft ISA Server firewall is up and running, it can never become “unlicensed” by an error at Microsoft.
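The fail-safe behaviour described in the opening paragraph, as an added example that is not from the original post and does not model how SonicWALL or ISA Server is implemented: a hypothetical appliance (`Appliance`, `LicenseServerError`, `run_outage` and the port numbers are all constructed for illustration) built once to stop filtering when the license check or filter engine fails, and once to keep enforcing its rule set.

```python
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"


class LicenseServerError(Exception):
    """Vendor license server unreachable or unusable (hypothetical)."""


@dataclass
class Appliance:
    allowed_ports: frozenset           # inbound ports the rule set permits
    fail_closed: bool                  # the design choice being compared
    last_known_licensed: bool = True   # cached result of the last good check
    engine_healthy: bool = True        # False simulates a crashed filter service

    def refresh_license(self, check):
        """Run the vendor check; fail-closed keeps the cached state on an outage."""
        try:
            self.last_known_licensed = check()
        except LicenseServerError:
            if not self.fail_closed:
                # Weak design: "could not verify" is treated as "no license".
                self.last_known_licensed = False

    def decide(self, port):
        if not self.engine_healthy:
            # Filter service down: block everything, or forward unfiltered.
            return Verdict.DENY if self.fail_closed else Verdict.ALLOW
        if not self.last_known_licensed and not self.fail_closed:
            # Weak design: an unlicensed unit switches filtering off.
            return Verdict.ALLOW
        # Fail-closed design: rule enforcement never depends on license state.
        return Verdict.ALLOW if port in self.allowed_ports else Verdict.DENY


def outage():
    raise LicenseServerError("license server unreachable (constructed failure)")


def run_outage(fail_closed):
    """Verdicts for a permitted port (443) and a blocked one (3389) after an outage."""
    fw = Appliance(frozenset({443}), fail_closed)
    fw.refresh_license(outage)
    return fw.decide(443), fw.decide(3389)


if __name__ == "__main__":
    print("fail-open  :", run_outage(False))
    print("fail-closed:", run_outage(True))
```
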