Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PIX issue

From: "Ivan Coric" <ivan.coric () workcoverqld com au>
Date: Thu, 25 Sep 2003 11:07:17 +1000
Bob,
I agree that the Netscreen interface is nice, but no where near as beautiful as CheckPoint. 
As for the statement that "PIX really only does packet filtering" it is simply untrue. The PIX has a command called 
"fixup"

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800b2ecb.shtml
The PIX Software Mailguard feature sanitizes SMTP traffic. For PIX Software versions 4.0 and 4.1, the mailhost command 
is used to configure Mailguard. In PIX Software versions 4.2 and later, the command has been changed to fixup protocol 
smtp 25, and you will also need static and conduit statements for your mail server.

There is support for http, ftp, sqlnet etc..

more than just a packet filter

Regards
Ivan


Ivan Coric
IT Technical Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: ivan.coric () workcoverqld com au


"bob richie" <bobr () rentech net> 09/25/03 07:20am >>>

We moved to Netscreen to get away from such issues.  Easier to use
interface.  We are also considering adding a Sidewinder2 as Secure
Computing offers a trade -in and on Dell's appliance box with 3 year
warranty we would not worry about maintenance issues.  The SG2 does
filtering at the application layer which would be less likely to allow
Nachi to even get in.  PIX really only does packet filtering and you
have to worry about too many work arounds as new bugs are detected.

Bob Richie
Renaissance Application Facility, LLC
(615) 254-8324


---------------------------------------------------------------------------
----------------------------------------------------------------------------







***************************************************************************
Messages included in this e-mail and any of its attachments are those
of the author unless specifically stated to represent WorkCover Queensland. The contents of this message are to be used 
for the intended purpose only and are to be kept confidential at all times.
This message may contain privileged information directed only to the intended addressee/s. Accidental receipt of this 
information should be deleted promptly and the sender notified.
This e-mail has been scanned by Sophos for known viruses.
However, no warranty nor liability is implied in this respect.
**********************************************************************


---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: