What's your take on the full disclosure of vulnerabilities?
I think that vulnerabilities should be disclosed responsibly. In the case that a fix is available, there is no point in withholding the information, and it is actually our duty to disclose it. However, there are cases where the consequences of disclosure might outweigh the benefits, and where it is too dangerous to publish a vulnerability. I believe that each vulnerability represents a judgment call.
What can users do to choose a firewall that is right for their needs?
The choice of firewalls is not as important as the configuration of it. Having too many firewall rules will burn you whether you use Checkpoint's latest product or a free open source package. The decision should be based on what they can afford, whether or not they like fancy GUIs, and how well they understand the product.
Which personal firewalls would you recommend to our readers?
I'd rather not make any product recommendations. We wrote about how to use several of them in the book. The PC versions have functionality that is quite different from the Unix versions. Again, I suggest making the decision on the factors mentioned in my previous answer.
What are your future plans? Any exciting new projects?
Right now, I'm trying to settle into my new job. I just left industry for academia less than two months ago. Academia appears to be a much busier lifestyle, and I'm just starting to get my bearings. I'm really enjoying teaching, and the interaction with graduate students and other faculty is wonderful. I don't understand how professors ever have time to write books. Maybe that's what sabbaticals are for.
What is your vision for firewalls in the future?
Firewalls will move into the host, and policies will be set by loading them into distributed hosts over cryptographic channels. At least, I hope that's what happens. We'll see.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.