Security Basics mailing list archives
Re: PIX issue
From: "Ivan Coric" <ivan.coric () workcoverqld com au>
Date: Thu, 25 Sep 2003 11:07:17 +1000
Bob, I agree that the Netscreen interface is nice, but no where near as beautiful as CheckPoint. As for the statement that "PIX really only does packet filtering" it is simply untrue. The PIX has a command called "fixup" http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800b2ecb.shtml The PIX Software Mailguard feature sanitizes SMTP traffic. For PIX Software versions 4.0 and 4.1, the mailhost command is used to configure Mailguard. In PIX Software versions 4.2 and later, the command has been changed to fixup protocol smtp 25, and you will also need static and conduit statements for your mail server. There is support for http, ftp, sqlnet etc.. more than just a packet filter Regards Ivan Ivan Coric IT Technical Security Officer Information Technology WorkCover Queensland Ph: (07) 30066414 Fax: (07) 30066424 Email: ivan.coric () workcoverqld com au
"bob richie" <bobr () rentech net> 09/25/03 07:20am >>>
We moved to Netscreen to get away from such issues. Easier to use interface. We are also considering adding a Sidewinder2 as Secure Computing offers a trade -in and on Dell's appliance box with 3 year warranty we would not worry about maintenance issues. The SG2 does filtering at the application layer which would be less likely to allow Nachi to even get in. PIX really only does packet filtering and you have to worry about too many work arounds as new bugs are detected. Bob Richie Renaissance Application Facility, LLC (615) 254-8324 --------------------------------------------------------------------------- ---------------------------------------------------------------------------- *************************************************************************** Messages included in this e-mail and any of its attachments are those of the author unless specifically stated to represent WorkCover Queensland. The contents of this message are to be used for the intended purpose only and are to be kept confidential at all times. This message may contain privileged information directed only to the intended addressee/s. Accidental receipt of this information should be deleted promptly and the sender notified. This e-mail has been scanned by Sophos for known viruses. However, no warranty nor liability is implied in this respect. ********************************************************************** --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- PIX issue bob richie (Sep 24)
- <Possible follow-ups>
- Re: PIX issue Ivan Coric (Sep 25)