Comments inline:

----- Original Message -----
From: "Ole Drews Jensen" 
To: 
Sent: Tuesday, September 25, 2001 11:07 AM
Subject: Personal Security Recommandation - Cisco PIX or ? [7:21012]


> In regards to network design in the security area, I would like to start a
> discussion / get feedback from those of you who have dealt / are dealing
> with this.
>
> I know that I can most likely pull up some websites that have answers to
> this, but I would like feedback from "real people" that are working with
> this.
>
> I am only now in the process of finishing my last exam for the CCNP, and I
> am then planning on going towards the security specialization. Therefore, my
> knowledge of firewalls, VPNs, etc. is not that great.

Learn IPSec first thing when you concentrate on Security.

>
> We have at the company I work for used Check Point, but that's a very
> expensive product, and needs to be relicensed over and over. We are
> currently using Gauntlet, but that will be discontinued on the Windows NT
> platform.
>
> Because of this, I am now trying to get some feeling for a good solution,
> and (of course) Cisco's PIX came to my mind. However, I have a couple of
> questions I would like to get some feedback on, and perhaps start a short
> discussion.
>
> How is the PIX compared to other products when looking at:
>
> 1) Difficulty of administration?

If you're used to a command line interface and Cisco IOS, it's different,
but concepts are basically the same.  As of 6.0 there is a GUI interface.
Tons of example configs are out there and in the manual.

> 2) Price?

Estimated:
501 - ~$850 (2 interfaces only)
506 - ~$1400 (2 interfaces only)
515 - up ~around 5 digits...it depends on what you put in it.  CDW.com will
give you some basic guidelines for estimated prices.

> 3) Effectiveness of intruder protection?

Well...it's a firewall.  It's as effective as you make it.  IP reverse
verify helps stop spoofing, static embryonics help prevent DoS attacks, etc.
It only allows access to ports you specify so it's only as secure as the
servers behind it on those ports (as is any firewall).  It can tie in with
other software for IDS and outbound URL restrictions as well.  ActiveX
filters can block all ActiveX if you like.  SYSLOG output allows any 3rd
party software that monitors SYSLOG to work.

> 4) Speed (slowing down the communication)?

501 and 506 are 10Mb but clock around 6-7Mb on tests.  Other models are
100Mb and clock much higher.  If you use IPSec encryption it will obviously
slow this down.

>
> and
>
> 5) What would you recommend?

PIX is my personal favorite IMHO.

>
> Thank you very much for your time on this,
>
> Ole
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>  Ole Drews Jensen
>  Systems Network Manager
>  CCNA, MCSE, MCP+I
>  RWR Enterprises, Inc.
>  [EMAIL PROTECTED]
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>  http://www.RouterChief.com
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>  NEED A JOB ???
>  http://www.oledrews.com/job
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=21018&t=21012
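
The reply's answer to question 3 names reverse-path verification, embryonic limits on statics and SYSLOG output as settings that decide how effective the firewall is. The following is an added example, not part of the original message: a small audit that checks a PIX configuration for those three items. The command forms are assumed to follow PIX 6.x syntax, and the sample configuration, its addresses and the function name `audit_pix_config` are constructed for illustration.

```python
import re

# Constructed PIX 6.x-style sample (documentation and private address ranges).
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip verify reverse-path interface outside
static (inside,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255 0 100
static (inside,outside) 192.0.2.11 10.0.0.11 netmask 255.255.255.255 0 0
static (inside,outside) 192.0.2.12 10.0.0.12 netmask 255.255.255.255
logging on
"""

# Assumed form: static (in,out) global local netmask mask [max_conns em_limit]
STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)(?: (\d+) (\d+))?$")


def audit_pix_config(text):
    """Return findings for the hardening items named in the reply."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    findings = []

    # Anti-spoofing: reverse-path verification on every named interface.
    interfaces = [ln.split()[2] for ln in lines if ln.startswith("nameif ")]
    verified = {ln.split()[-1] for ln in lines
                if ln.startswith("ip verify reverse-path interface ")}
    for name in interfaces:
        if name not in verified:
            findings.append(f"no reverse-path verify on interface {name}")

    # A missing or zero embryonic limit leaves half-open connections uncapped.
    for ln in lines:
        m = STATIC_RE.match(ln)
        if m and (m.group(7) is None or int(m.group(7)) == 0):
            findings.append(f"static for {m.group(3)} has no embryonic limit")

    # SYSLOG output only reaches monitoring software if a host is configured.
    if not any(ln.startswith("logging host ") for ln in lines):
        findings.append("no syslog host configured")
    return findings


if __name__ == "__main__":
    for finding in audit_pix_config(SAMPLE_CONFIG):
        print(finding)
```

Treating every named interface as needing reverse-path verification is a policy choice made for this example; adjust the check to the interfaces where spoofed sources matter in your design.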