Security Basics mailing list archives
Re: Cisco's SDM firewall and IDS reviews
From: "Andrea Gatta" <andrea.gatta () gmail com>
Date: Sat, 12 Jan 2008 14:36:05 +0000
Hi,

First things first: SDM is nothing more than a graphical approach to managing the new generation of ISRs from Cisco. It does add some features, like a sort of security assessment for the device it runs on, and gives the admin a way to lock down the router without going through the CLI. Apart from that, it's nothing more than a user-space tool to manage IOS routers running the FW/IDS/IPS feature set. You can also manage IPsec VPNs in every flavour (easyvpn, traditional site-to-site and so on).

Having said that, choosing the right firewall is more a matter of what your client's needs and constraints are. In this regard, this device might or might not meet your needs depending on what part of the network it's going to protect and what kind of application-layer awareness you need, just to name a few. I would say that those kinds of routers might be a good solution to protect the perimeter at the edge, and assuming you have other layers of protection all the way down to your backend, if any.

Cheers,
Andrea

On 11 Jan 2008 14:42:15 -0000, <ejensen () vibrant com> wrote:
Hello everyone,

Has anyone worked with the Cisco SDM package? I'm looking for reviews (or experiences) that compare this with a PIX or Sonicwall or something similar. Specifically, does the SDM software compete on the same level as other firewall appliances for SMB-sized networks? Since SDM also has an IDS function, how does that rate when compared to a standalone IDS appliance? I assume it uses the same signature sets as any other Cisco IDS device.

My question comes from customers asking me why they need a firewall when the latest ISR (integrated service router) devices from Cisco have one included. I can't find any whitepapers or reviews comparing the SDM software package to other firewalls. SDM version 2.4 is the latest, so that's the one I'm using.

When you look at the config after setting up one of these, it looks like everything is done via ACLs. Granted, that's the heart of any firewall, but I expect to see something along the lines of packet inspection, and looking at code or signatures before allowing connections. I'm not sure that is actually going on in the SDM package.

Last concern: does this package qualify to protect a medical network? Does HIPAA approve?

Thanks for the help!
Erick