Any manufacturer of security devices must resolve the fundamental trade-off between proprietary and public infrastructure for the overall device operating system. The greatest advantage of using a proprietary operating system is control of the source code. Although proprietary operating systems may seem more secure, a proprietary system also places a key component of overall network security in the hands of a limited group of operating system programmers. With the rising frequency of published bug reports regarding well-known operating systems such as Microsoft Windows NT and Sun Solaris, a security device manufacturer might not be confident that the vendors of proprietary operating systems publish timely and accurate bug fixes for their operating systems. This can create an unnecessary element of risk.
Public scrutiny of an operating system, on the other hand, trades control of the source code for the powerful audit and development capability of operating system experts worldwide. The value of the pool of talent and commitment represented by this group of people far exceeds the value of any advantage in control that in-house development can have.
The WatchGuard Firebox System is based on the freely available Linux operating system. Not only has the operating system itself withstood the highest levels of public scrutiny in regard to its fundamental design, but the inevitable bug fixes that any network operating system will require over time have historically been available far faster than those of the commercial operating system vendors.
The WatchGuard design process releases all modifications to the operating system kernel back into the public domain. This process enables the Linux development community to scrutinize the changes we have made to ensure that the modifications are stable and reliable. The Firebox System software code that runs on the modified kernel remains proprietary to WatchGuard Technologies, Inc. This design approach allows WatchGuard to deploy a secure appliance over an aggressively debugged operating system at a fraction of the total cost of other network security approaches.
Using the Linux kernel also means that all bug fixes resulting from a previously unknown vulnerability in the underlying operating system are made available to the end user directly from WatchGuard. As a WatchGuard customer, you will never be told that any bug is strictly an operating system bug and that you should contact the operating system vendor for the patch. We service what we sell, right down to its operating system.
Copyright © 1996 - 2001 WatchGuard Technologies, Inc.
All rights reserved.