Re: Hardware Firewall

["Ale x" <gbanger () gmail com>]

Cisco router IOS does the same as an ASA firewall? I haven't actually
used an ASA yet (except for trying to emulate one with
Dynamips/cygwin) however I am sure there are many differences. For
example the IPS/IDS, proxying, deep packet inspection,
antivirus/antispam, etc.. Fair enough a router with IOS can do ACLs to
block ports and protocols, PBR, SSL VPN connections, etc -- but it's
certainly not a firewall.

I remember reading about Ciscos IPS doing network traffic pattern
recognition, to learn the normal behavoir of your network. Anything
out of the ordinary will be treated as a potential threat. As always
there is plenty of information on Cisco's website.

Of course there are many other platforms that can perform similar
functions, we have Watchguard Firebox's at work. They do the job, but
I can't stand the management software. Nokia Checkpoint firewalls are
always a nice option.

Thanks,
Alex

(sorry didn't mean to double send)

On Tue, Nov 18, 2008 at 8:40 AM,  <h.carpentier () yahoo co uk> wrote:
> Hello all,
>
> I am going to upgrade in the near future a network security course. The course is looking at network security from a 
> hardware point of view, using at the present time PIX firewalls and router IOS security features.
> I am very familiar with the PIX, and am aware that they will be unsupported soon (2012?). They are replaced with 
> ASAs. Is there really many people using ASAs out there? The Cisco routers IOS seem to be able to fulfil most of the 
> functions anyway.
> Do you know of other platform offering the same or similar functions?
>
> Cheers
>
> Hervé Carpentier