I am trying to decide which is better. With a Packet filer (like PIX) you get great performance and security. Cisco's argument is that App proxys are not as secure because the security of the underlying OS is weak. Also, why do you need to go through layers 4-7? Cisco touts this should not be part of the job of the firewall. You need to secure your servers from these types of attacks anyway in case of internal hacks and there are new exploits coming out everyday. So why not just load the fix on the servers and leave the firewall alone?
Application Proxys are nice because they do this functionality at the cost of performance though. Also, many security requirements ding the PIX for their poor logging facility. products like Raptor provide much more information in their logs. Can I get some responses on this? I'm not asking for flames, just educated responses. Again, this is stuff I have learned or heard during my comparison/evaluation process... Thanks! __________________________________________________ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
