Re: Windows vs Cisco

From: Ida (fake_at_rogers.com)
Date: 06/14/03

• Next message: Duane Arnold: "Re: I REALLY loathe you!"
• Previous message: scrap: "Re: iptables"
• In reply to: Richard: "Windows vs Cisco"
• Next in thread: Derek Chew En-Hock: "Re: Windows vs Cisco"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 14 Jun 2003 03:05:55 GMT

If PIX is not asked to handle some requests at application level (such as
URL filtering), I agree that PIX has a better performance than the packet
filter within Windows 2000. But I doubt that PIX has a better performance
than the packet filter running on a UNIX system, such as SmoothWall
(http://www.smoothwall.org) and IPCop (http://www.ipcop.org). Because CPU in
PC is much powerful than CPU in PIX.

Actually, even we use the packet filter within Windows 2000 as a firewall,
the performance is not an issue at all. Most of Internet connection is lower
than 10Mbps. The network connection speed will be not affected even if we
use the packet filter within Windows 2000 as a firewall.

When PIX is asked to provide higher security, for example, doing URL
filtering with Websense, its performance is greatly degrated.

ITShield firewall (http://www.itshield.com) handles all the sessions in
application-level by default because application proxy provides the highest
level of security and flexibility. ITShield Firewall can handle more than
5000 TCP sessions, unlimited UDP sessions, and unlimited IP sessions at
application-level in parallel. Furthermore, ITShield Firewall can drop the
unwanted requests at packet level. If the high-speed network traffic keeps
the firewall very busy, the administrator can enable Stateful Inspection.

Ida Young

"Richard" <richarddegroot@netscape.net> wrote in message
news:3eea3d17$0$49101$e4fe514c@news.xs4all.nl...
> Hi Netgurus,
>
> one of my suppliers is telling me that the packet filter within Windows
2000
> server is as safe as the Cisco PIX 515E.
>
> Is this true?
>
> Can someone explain to me which will be more a threat? The PIX or the
packet
> filter in Windows?
>
> Are there any objective hyperlinks, that can help me?
>
> thankx in advance...
>
> kind regards from a person in need of professional advice ;-)
>
>

• Next message: Duane Arnold: "Re: I REALLY loathe you!"
• Previous message: scrap: "Re: iptables"
• In reply to: Richard: "Windows vs Cisco"
• Next in thread: Derek Chew En-Hock: "Re: Windows vs Cisco"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages ipfilter on Solaris 10 ... I'm getting nowhere re-enabling ipf on my host which was recently ... I suspect it may be due to my interface not having the ip filter module ... packet state: kept 0 lost 0 ... (comp.unix.solaris) Re: [fw-wiz] Question about a Cisco PIX 515 - Routing question (I think) ... The PIX accepts the ... packet from the Internet, changes the addressing to map the ... It may be easier to get the servers ... (Firewall-Wizards) RE: Capture http post request ... I have read an article at www.codeproject.com about Packet Filter ... For example i want to block my client computer can not download or request ... Microsoft Online Support ... (microsoft.public.dotnet.languages.vb) Re: Hits just keep on coming! What does it mean? ... Firestarter comes with a default set of rules but I ... > Your machine sending some NetBIOS (Windows networking) packet as a network ... and filter the rest - and filter very ... (comp.os.linux.security) Re: Connecting 2 networks via Win 2003 server ... The PIX will redirect the packet to ... (the RRAS router) because of the static route you added. ... (microsoft.public.win2000.ras_routing)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint