Take a look at all the vulnerabilities on the Cisco site on the PIX.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_security_advisori
es_list.html
The competing Juniper product is the same price. The 5-GT also has an
option for built in anti-virus and web filtering as well as Deep Inspection.
If you want to take a look let me know.
Chuck
On 2/16/05 7:11 AM, "Kevin Russell" <kevin@retail-tech.com> wrote:
I do appreciate all the replies,
Cisco pix 501 I think. 400$ loaded out of box secure as hell
this sounds like something I can get in the budget...
Upgrade the router to the current support OS (Cisco IOS, or ???),
lock down the router security, and add ACLs to block inbound and
outbound spoofed IPs, "junk" traffic, and ports and IP protocols which
you do not use between the Internet and your DMZ/private LAN. e.g. if
you don't have an IPSEC VPN, drop and log all ESP and AH traffic
at the router.
would the pix 501 have some of these features
collate your FTP and webserve into one, preferably a Linux box ? with >the
box you gain from the migration you could build another Linux box >and
stick squid and snort on that.
this sounds like what I would like to do, but my Linux box is a 350 proc,
from AMD and only got either 64 or 128mb of ram do you think this will hold
up to the abuse of being a web/ftp server and not fail...
I would avoid using a 2KPro box as a web server, since
you will be limited on the number of connections... Use
2KServer for any server based services.
didn't know that, will defiantly look into other options now...
as for basic office maintenance I have the corp. ed. of trend AV, it lets me
do all the updates across the office, also I have a routine about updates
and patches for the offices,
ipcop is another thing to add to my list of things to do, after I get the
apache up and working..
thx for all your help and suggestions
you make it seem easy...
