I installed the GUI for the PIX but haven't used it yet. Letting something
else build my config just seems weird ;) Almost like job security making a
flushing noise...rofl.
----- Original Message -----
From: "Maness, Drew"
To:
Sent: Friday, May 04, 2001 10:29 AM
Subject: RE: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]
> I don't think it is security holes at a lower layer. Checkpoint installs
> what they call a shiv between the network and data link layer to protect
the
> IP stack. And if you were to take advantage of OS security flaws you
would
> be doing it at the Session Layer and above, not the lower layers.
>
>
> About five years ago it used to be the case the application based
firewalls
> did not protect the network as well as packet filtering. But that was
> because people didn't really understand what a firewall was. Most people
> considered a proxy server as a sort of firewall.
>
> I remember a client telling me they were protected because they used
> reserved ip address and M$ proxy. In fact at the time M$ was marketing
> their proxy server as a "poormans" firewall.
>
> But today firewalls protect the IP stack. And most people know that a
proxy
> is not a firewall. So this hardware based is better than software based
> stuff does not ring true.
>
> When someone asks me which is better Pix or Checkpoint, I tell them it
> depends. I can find you studies that says Pix has better throughput than
> Checkpoint and vise versa.
>
> The real difference between them is that Checkpoint has a gui interface
and
> Pix has the o'l command line. You can pretty much do the same thing with
> them, so what it comes down to is what are you or your staff more
> comfortable configuring. Are you a cisco shop, buy the pix, are you an
> NT/Unix shop, buy Checkpoint. Beyond that it is all marketing semantics.
>
> In fact I have heard, but not seen, that their is a new gui interface for
> the Pix. Anyone used it lately?
>
> I haven't had time to work with it, since I'm preparing for this little
know
> lab called CCIE or something like that. What's an IGP? (oh my brain is
> starting to hurt...)
>
> -----Original Message-----
> From: Jim Brown [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 04, 2001 7:45 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]
>
>
> Security holes in lower layers? Where did you come up with that, your
Cisco
> rep?
>
> -----Original Message-----
> From: Eugene Nine [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 03, 2001 5:01 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]
>
>
> PIX goes up to layer 4, so it won't do things like URL filtering.
> Checkpoint (or other SW) can do higher layer protection but may not be as
> well at the lower layers (due to security holes in the OS, etc)
> Eugene
>
> ""Chuck Larrieu"" wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Asked sincerely, what advantages do you see in provisions PIX plus
> > checkpoint?
> >
> > Chuck
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> > [EMAIL PROTECTED]
> > Sent: Thursday, May 03, 2001 2:47 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]
> >
> > It depends on your security policy , design and needs , generally what
we
> > advice our
> > customers is checkpoint + pix together
> >
> > Hatim badr a icrit :
> >
> > > Hi ,
> > >
> > > I would like to know the pluses and minuses of each product .
Currently
> > We
> > > are using checkpoint and I want to convince my management to switch to
> > cisco
> > > PIX firewall .
> > >
> > > Thanks
> > >
> > > Hatim
> > >
> > > ____________________________________________________________________
> > > Get free email and a permanent address at
http://www.netaddress.com/?N=1
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3212&t=2878
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
