Security Basics mailing list archives

Re: Cisco's SDM firewall and IDS reviews


From: "Andrea Gatta" <andrea.gatta () gmail com>
Date: Sat, 12 Jan 2008 14:36:05 +0000

Hi,
first things first: SDM is nothing more than a graphical approach to
managing the new generation ISR from Cisco. It does add some features,
like a sort of security assessment for the device it runs on, and gives
the admin a way to lock down the router without going through the CLI.
Apart from that it's nothing more than a user space tool to manage IOS
routers running the FW/IDS/IPS feature set. You can also manage IPsec VPN
in every flavour (easyvpn, traditional site to site and so on).

Having said that, choosing the right firewall is more a matter of what
your client's needs and constraints are. In this regard this device
might or might not meet your needs depending on what part of the
network it's going to protect and what kind of application layer awareness
you need, just to name a few. I would say that those kinds of routers might be
a good solution to protect the perimeter at the edge, assuming you
have other layers of protection all the way down to your backend, if
any.

Cheers,
Andrea

On 11 Jan 2008 14:42:15 -0000,  <ejensen () vibrant com> wrote:
Hello everyone, has anyone worked with the Cisco SDM package?


I'm looking for reviews (or experiences) that compare this with a PIX or Sonicwall or something similar.  
Specifically, does the SDM software compete on the same level as other firewall appliances for SMB sized networks?


Since SDM also has an IDS function, how does that rate when compared to a standalone IDS appliance?  I assume it 
uses the same signature sets as any other Cisco IDS device.


My question comes from customers asking me why they need a firewall when the latest ISR (integrated service router) 
devices from Cisco have one included.  I can't find any whitepapers or reviews comparing the SDM software package to 
other firewalls.


SDM version 2.4 is the latest, so that's the one I'm using.  When you look at the config after setting up one of 
these, it looks like everything is done via ACLs.  Granted, that's the heart of any firewall, but I expect to see 
something along the lines of packet inspection, and looking at code or signatures before allowing connections.  I'm 
not sure that is actually going on in the SDM package.


Last concern, does this package qualify to protect a medical network?  Does HIPAA approve?


Thanks for the help!

Erick



