Network Security Firewalls

Re: firewall suggestion

Subject: Re: firewall suggestion
Date: Mon, 21 Feb 2005 14:41:40 -0500
Chuck,

Nice attempt at FUD sale there. ;-) You didn't point out that the PIX has been selling since 1995; years before a couple of guys left Cisco and started Juniper (and years before NetScreen got started also by former Cisco employees).

Why don't you tell the list more about running deep packet inspection on a 5GT? What kind of throughput should one expect with any kind of rules defined? How many vendors supply AV signatures? Where does that URL filtering come from?

And while you're at it why don't you cover vulnerabilities on NetScreen (and all other Firewall vendors) products.

I guess we'll tie today for the posts with the least real value on list.

Liberty for All,

Brian

charles antrim wrote:

Take a look at all the vulnerabilities on the Cisco site on the PIX.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_security_advisories_list.html

The competing Juniper product is the same price. The 5-GT also has an option for built in anti-virus and web filtering as well as Deep Inspection.

If you want to take a look let me know.

Chuck




On 2/16/05 7:11 AM, "Kevin Russell" <kevin@retail-tech.com> wrote:


I do appreciate all the replies,

Cisco pix 501 I think. 400$ loaded out of box secure as hell



this sounds like something I can get in the budget...

Upgrade the router to the current support OS (Cisco IOS, or ???),
lock down the router security, and add ACLs to block inbound and
outbound spoofed IPs, "junk" traffic, and ports and IP protocols which
you do not use between the Internet and your DMZ/private LAN. e.g. if
you don't have an IPSEC VPN, drop and log all ESP and AH traffic
at the router.



would the pix 501 have some of these features

collate your FTP and webserver into one, preferably a Linux box
with the box you gain from the migration you could build
another Linux box and stick squid and snort on that.



        this sounds like what I would like to do, but my Linux box is
        a 350 proc, from AMD and only got either 64 or 128mb of ram do
        you think this will hold up to the abuse of being a web/ftp
        server and not fail...



I would avoid using a 2KPro box as a web server, since
you will be limited on the number of connections... Use
2KServer for any server based services.



didn't know that, will definitely look into other options now...

        as for basic office maintenance I have the corp. ed. of trend
        AV, it lets me do all the updates across the office, also I
        have a routine about updates and patches for the offices,



        ipcop is another thing to add to my list of things to do,
        after I get the apache up and working..



        thx for all your help and suggestions

        you make it seem easy...










--
Brian Ford
Consulting Engineer, Consulting Engineering Group

Cisco Systems, Inc.
Direct: 212-714-4288
e-mail: brford@cisco.com
http://www.cisco.com

The content of this message represent the views of the author and not 
necessarily those of their employer.
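
The router advice quoted in this thread (ACLs against spoofed addresses and "junk" traffic, and dropping and logging ESP and AH where no IPsec VPN is in use) could look like the following on Cisco IOS. This is an added example, not configuration posted by anyone in the thread. Assumptions: the site's routed public block is 192.0.2.0/24 (a documentation range used as a placeholder), the Internet-facing interface is Serial0/0, the ACL names are made up, the Windows networking ports shown are ones the site does not use across the Internet, and a stateful firewall behind the router enforces the per-service policy.

```cisco
! Added example. Placeholder values: 192.0.2.0/24, Serial0/0, ACL names.
!
ip access-list extended INTERNET-IN
 remark Spoofed sources: private, loopback, link-local, and our own block
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
 deny   ip 169.254.0.0 0.0.255.255 any log
 deny   ip 192.0.2.0 0.0.0.255 any log
 remark No IPsec VPN at this site, so drop and log ESP and AH
 deny   esp any any log
 deny   ahp any any log
 remark Ports not used between the Internet and the DMZ (assumed list)
 deny   tcp any any range 135 139 log
 deny   udp any any range 135 139 log
 deny   tcp any any eq 445 log
 remark Everything else addressed to our block goes on to the firewall
 permit ip any 192.0.2.0 0.0.0.255
 deny   ip any any log
!
ip access-list extended INTERNET-OUT
 remark Egress filter: only our own block may appear as a source address
 permit ip 192.0.2.0 0.0.0.255 any
 deny   ip any any log
!
interface Serial0/0
 ip access-group INTERNET-IN in
 ip access-group INTERNET-OUT out
```

The `log` keyword on the deny entries gives the "drop and log" behaviour; the hit counters in `show access-lists` show which entries are matching.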
