I don't think it is security holes at a lower layer.  Checkpoint installs
what they call a shiv between the network and data link layer to protect the
IP stack.  And if you were to take advantage of OS security flaws you would
be doing it at the Session Layer and above, not the lower layers.


About five years ago it used to be the case that application-based firewalls
did not protect the network as well as packet filtering.  But that was
because people didn't really understand what a firewall was. Most people
considered a proxy server as a sort of firewall.

I remember a client telling me they were protected because they used
reserved IP addresses and M$ proxy.  In fact at the time M$ was marketing
their proxy server as a "poor man's" firewall.

But today firewalls protect the IP stack.  And most people know that a proxy
is not a firewall.  So this "hardware-based is better than software-based"
stuff does not ring true.

When someone asks me which is better, Pix or Checkpoint, I tell them it
depends. I can find you studies that say Pix has better throughput than
Checkpoint and vice versa.

The real difference between them is that Checkpoint has a GUI interface and
Pix has the ol' command line.  You can pretty much do the same thing with
them, so what it comes down to is what you or your staff are more
comfortable configuring.  Are you a Cisco shop? Buy the Pix. Are you an
NT/Unix shop? Buy Checkpoint.  Beyond that it is all marketing semantics.

In fact I have heard, but not seen, that there is a new GUI interface for
the Pix.  Anyone used it lately?

I haven't had time to work with it, since I'm preparing for this little-known
lab called CCIE or something like that.  What's an IGP? (oh my brain is
starting to hurt...)

-----Original Message-----
From: Jim Brown [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 04, 2001 7:45 AM
To: [EMAIL PROTECTED]
Subject: RE: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]


Security holes in lower layers? Where did you come up with that, your Cisco
rep?

-----Original Message-----
From: Eugene Nine [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 03, 2001 5:01 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]


PIX goes up to layer 4, so it won't do things like URL filtering.
Checkpoint (or other SW) can do higher layer protection but may not be as
good at the lower layers (due to security holes in the OS, etc.)
Eugene

"Chuck Larrieu" wrote in message
news:[EMAIL PROTECTED]...
> Asked sincerely, what advantages do you see in provisioning PIX plus
> checkpoint?
>
> Chuck
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Thursday, May 03, 2001 2:47 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]
>
> It depends on your security policy, design and needs, generally what we
> advise our customers is checkpoint + pix together
>
> Hatim badr wrote:
>
> > Hi ,
> >
> > I would like to know the pluses and minuses of each product.  Currently
> > we are using checkpoint and I want to convince my management to switch to
> > cisco PIX firewall.
> >
> > Thanks
> >
> > Hatim
> >
> > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3204&t=2878