Several things. Security isn't about trusting people, including the network and security admins. Assigning the PIX, router, etc., to different people gives cross-checking.
A PIX won't help you if you are doing host-level IPsec, SSL, etc. A router can help against denial of service. Not all secure traffic usefully goes through a firewall. >Benefits of PIX over FFS: More scalable, according to Cisco. They also >push the separation of functions, i.e., let a router route and let a >firewall stop the bad guys. Best I can do from memory from the MCNS text. > > -----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of >Mcfadden, Chuck >Sent: Wednesday, November 28, 2001 12:03 PM >To: [EMAIL PROTECTED] >Subject: RE: The Scoop on PIX? [7:26607] > >1. (Probably the only real reason) Off load processor overhead by having >packet filtering happen somewhere other than the device that is trying to >also perform routing tasks. >2. DMZ? (Can be handled via router, though [processor issue - see above]) >3. Redundancy without the need for dual WAN connectivity > >Those are about the only reasons I can think of. Any one else think of any? > >I have no idea what PIX stands for...GREAT Question!!! >ccie1ab > >-----Original Message----- >From: BASSOLE Rock [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, November 28, 2001 11:01 AM >To: [EMAIL PROTECTED] >Subject: RE: The Scoop on PIX? [7:26607] > > >-----Message d'origine----- >De : Andrew Michael [mailto:[EMAIL PROTECTED]] >Envoyi : dimanche 18 novembre 2001 00:09 >@ : [EMAIL PROTECTED] >Objet : The Scoop on PIX? [7:26607] > > >Hi all. > > What are some of the reasons why a person would choose a PIX solution >rather than a good router with the the right IOS for security? > > From what I've read on Cisco's site, there does not seem to be the huge >gap between using a router as a firewall solution vs. using a PIX, as some >people make it sound. > > One last thing...for the life of me, I can't find what "PIX" stands for! >Any help appreciated! Thanks in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27584&t=26607 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]