Re: Cisco PIX 515 Firewall

From: Paul Dawson (pauld@staff.intekom.com)
Date: 11/16/01


Subject: Re: Cisco PIX 515 Firewall
From: Paul Dawson <pauld@staff.intekom.com>
To: mstevenson@quickhire.com
Date: 16 Nov 2001 08:52:51 +0200
Message-Id: <1005893573.6512.4.camel@pauld2.midrand.intekom.com>

Cisco PIX uses the ASA (adaptive security algorithm) which is basically
a state table keeping track of all levels of the OSI reference model.

It also does sequence number proxying, which prevents MIM attacks.
It does have some basic IDS functionality, but only to the point of
inserting a well-known "signature" which will detect generic and
documented attacks. It is by no means a fully capable IDS.

It also handles complex MM applications such as H.323 and streaming
protocols at wire speed, also by using the ASA functionality and by
using the "fixup" protocol.

Velly Velly nice firewall to work on. ;-)

Paul

On Wed, 2001-11-14 at 22:34, mstevenson@quickhire.com wrote:
> Anyone out there have some experience using the Cisco PIX firewalls for
> Corporate/Production networks? I'd like to try one of these little buggers
> out, but I'd like to get some do's and don'ts from other admins with Cisco
> PIX experiences. As I understand, these things don't just filter packets
> based on addresses/ports but actually look at packet content like a proxy or
> IDS. Is this true? I've also heard that it will only scan content of the
> first packet when a new connection/session begins, and then it uses
> keep-state tables to auto-pass the rest of the packets in the session. I
> remember the ipf package taking that approach as well and having security
> problems with that because you can confuse the state table cache. Any
> comments would be helpful.
>
> Miles Stevenson
> QuickHire Network Support Specialist
>

-- 
Paul Dawson
-----------------------------------------------------------------
ITX Security Specialist
Tel: 266-7800 (ext 8018)
Fax: 266-7932
pauld@staff.intekom.com
-----------------------------------------------------------------
"There is no end. There is no beginning. There is only infinite passion
of life."
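As an added illustration, not from the original thread and not Cisco code: a toy model of the two ASA behaviours discussed above, the connection state table and sequence number proxying. It shows why an unsolicited inbound packet is dropped, and why a forged reply that guesses the inside host's real ISN still fails once the firewall translates it. The class name, addresses and ports are constructed.

```python
import random
from dataclasses import dataclass

MOD = 1 << 32  # TCP sequence numbers wrap at 2^32


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # "S" = SYN, "SA" = SYN/ACK, "A" = ACK
    seq: int = 0
    ack: int = 0


class ToyASA:
    """Hypothetical model of PIX-style stateful inspection (not Cisco code).

    Only the higher-security (inside) interface may create state, and only
    with a SYN. Each flow gets a random offset added to the inside host's
    sequence numbers, so the outside never sees the host's real ISN."""

    def __init__(self, inside_prefix, rng=None):
        self.inside_prefix = inside_prefix   # constructed, e.g. "10.0.0."
        self.rng = rng or random.Random()
        self.table = {}                      # (src, sport, dst, dport) -> offset

    def _inside(self, ip):
        return ip.startswith(self.inside_prefix)

    def process(self, pkt):
        """Return (verdict, seq as sent on, ack as sent on)."""
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.table:                # inside -> outside, known flow
            return "PASS", (pkt.seq + self.table[fwd]) % MOD, pkt.ack
        if rev in self.table:                # outside -> inside reply: undo offset on ack
            return "PASS", pkt.seq, (pkt.ack - self.table[rev]) % MOD
        if self._inside(pkt.src) and not self._inside(pkt.dst) and pkt.flags == "S":
            off = self.rng.randrange(1, MOD)  # non-zero offset for this new flow
            self.table[fwd] = off
            return "PASS", (pkt.seq + off) % MOD, pkt.ack
        return "DROP", None, None            # no state and not allowed to create one
```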