Time and deadlines are also pretty stressful. Many nights in my hotel room, I would begrudge the two hours I demanded of myself working on the project. After a 12-hour day, the last thing I looked forward to was more work.

In your opinion, what can users do to choose a firewall that is right for their needs?

This is kind of a tough thing to answer in a short space. The first thing any organization (or individual) needs to consider is the value of the information assets they need to protect. It makes no sense to deploy a 50,000 firewall solution to protect a 10,000 asset. Can they get by with a stateful packet filter alone, or do they frequently deal with protocols such as http, Java, Active-X that need application level proxy to protect from malicious active code? These decisions bear careful consideration.

Which personal firewalls would you recommend?

I own both ISS BlackICE and Zone Lab's Zone Alarm Pro. While I believe they both provide great protection, I tend to run just BlackICE. Zone Alarm Pro interrupts me too often asking permission for this or that connection. BlackICE is less demanding of my attention. I scan my machines regularly for "pest" applications and potential covert channel apps such as SubSeven and Back Orifice, so I don't have the same level of need many other users have to alert them for potentially dangerous outbound traffic.


What are your future plans? Any exciting new projects?

In my immediate future, I am working towards spending more time consulting and less time waiting in airports on teaching assignments. 30 months of constant travel is wearing a tad thin.

On the project side, I am happy to announce that I have begun co-authoring Cisco Press' "CCSP Practical Series: PIX Firewall" title with fellow instructor and consultant Dave Garneau. Whereas the previous PIX title is geared towards Engineers with little PIX experience, the new title is aimed at readers who want to learn by doing. The new CCSP book will be 15% tutorial and 85% hands-on lab exercises.

What is your vision for firewalls in the future?

I think of all of the firewall vendors, Cisco Systems vision of integrating firewalling right into the switching fabric of the network is going to mark the most significant development in firewall technology for the next few years to come. Their new Firewall Services Module for the Catalyst 6500 switch boasts 5Gb throughput. None of their competitors are even close to this level of integration and performance. Therefore, I have adopted Cisco's vision as my own in this regard.