I'm not sure what the 55 known attacks are. I've never heard that statistic
before.
As far as an IDS solution other than the PIX... first, the PIX is not an IDS
box, it's a firewall. So, yes, I would suggest an IDS solution just inside
your PIX. I don't know what layer 2 device you have your inside interface
on, but if it's a switch you'll want to look into port mirroring (different
vendors call it different things). I personally am comfortable with Linux
and would deploy a Linux box funning snort as well as a few other tools. It
would have two interfaces (minimum). One for management, the second for
sniffing. The sniffing interface would be connected to a switch that SPANs
(I use Cisco switches) the inside interface of the PIX.
With regards to PDM, I would suggest you learn the command line on the PIX.
I've never had any kind of luck with PDM and personally find it a hindrance.
Hope that helps,
Roy
-----Original Message-----
From: Aaron [mailto:agflem@yahoo.ca]
Sent: Thursday, August 19, 2004 9:31 AM
Cc: firewalls@securityfocus.com
Subject: PIX Questions
1. The PIX 506E scans for 55 known attacks, what are they? Also, does it
scan for other 'threats'? Should there be another device in use for IDS
aside from the PIX?
2. I would like to use the PDM, however I can not download it from
Cisco. The PIX IOS is 6.3, but I'm not sure what else I need to take
advantage of the web based interface.
Cheers
*************************************************************
This message, including any attachments, may contain
confidential information intended for a specific individual
and purpose, and may be protected by law. If you are not
the intended recipient, please notify the sender by e-mail
or telephone immediately, and then immediately delete this
message. Any disclosure, copying or distribution of this
message, or the taking of any action based on it, by any
unintended recipient is strictly prohibited.
