PIX are the Cisco firewall. This is a pure hardware firewall. Check the
following URLs
http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/
http://www.cisco.com/univercd/cc/td/doc/pcat/fw.htm
They are layer 2-3 firewall working more like ACL mode than any other
firewall
Regards
Francois
********************************
Francois X. LEYTENS
Directeur - Ingénieur
SEDELEC SA VALAIS
Rue du Chemin de Fer 24
Case Postale 16
1958 St Leonard
--------------------------------
Tel : +41 27 205 6000
Direct : +41 27 205 6002
Mobile : +41 79 205 6002
Fax : +41 27 205 6001
Email : [EMAIL PROTECTED]
********************************
> -----Message d'origine-----
> De: satyam [SMTP:[EMAIL PROTECTED]]
> Date: mercredi, 19. septembre 2001 07:51
> À: [EMAIL PROTECTED]
> Objet: Re: Hardware Firewall vs Software Firewall
>
> Hi
> what is Cisco PIX
> a s/w or h/w firewall?
>
> regards
> dp-newbie
>
> ----- Original Message -----
> From: Leytens Francois X. <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; Shaun Prince <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: 18 September 2001 13:48
> Subject: RE: Hardware Firewall vs Software Firewall
>
>
> Hi all,
>
> About this ambiguitus subject, my experience is that :
>
> A software firewall is set on an OS and often, the OS present more
> security
> holes than any software firewall. The other fact is that one of the
> simpliest info to get is the OS brand and version and therefore it is very
> easy to check all vulnerabilities about that OS. You must then secure your
> OS and then install your firewall and secure it. You need to upgrade both
> OS
> and firewall as well as maintaining both. The fact that a software
> firewall
> is cheaper is true but don't forget to had the hardware price and the OS
> license. Also, the IP stack with all the networking hardware on the
> computer
> might give you limitations.
>
> A hardware firewall usually work closer to the hardware and most of the
> time
> is integrated to the hardware OS. Often, this OS is unknown and hard to
> attack (I said often and not all the time). When you need to patch your
> firewall, the patch are very often (again) for both OS and firewall and
> you
> don't need to care about patches for one or the other. In this case, the
> networking hardware and the IP stack are often better and more integrated.
>
> You can even work with a mix of the two (like the nokia one) which is a
> dedicated hardware with a dedicated OS (based on BSD) and with a
> checkpoint
> licence install on it. In this case the upgrade and maintenance are still
> the same as the hrdware box but working with a software product.
>
> In my point of view, the most critical point to check to make you decision
> is the thruput you need across your firewall.
>
> Hope this can help
>
> regards
>
> Francois X. LEYTENS
>
> ********************************
> Francois X. LEYTENS
> Directeur - Ingénieur
> SEDELEC SA VALAIS
> Rue du Chemin de Fer 24
> Case Postale 16
> 1958 St Leonard
> --------------------------------
> Tel : +41 27 205 6000
> Direct : +41 27 205 6002
> Mobile : +41 79 205 6002
> Fax : +41 27 205 6001
> Email : [EMAIL PROTECTED]
> ********************************
>
> > -----Message d'origine-----
> > De: Devdas Bhagat [SMTP:[EMAIL PROTECTED]]
> > Date: samedi, 15. septembre 2001 08:35
> > À: Shaun Prince
> > Cc: [EMAIL PROTECTED]
> > Objet: Re: Hardware Firewall vs Software Firewall
> >
> > On Fri, 14 Sep 2001, Shaun Prince spewed into the ether:
> > > Could anyone explain to why most people prefer to use software
> firewalls
> > as
> > > opposed to using a hardware firewalls?
> > At some point, your firewall is software. If it was purely hardware,
> > you would not be able to configure it in anyway other than the default
> > settings. The benefits of a hardware (or rather firmware) based
> > firewall is that most work is done very close to the hardware, as
> > opposed to the usual software firewall which runs on an OS, or in an OS
> > kernel.
> > The biggest advantage of a software firewall is that it is cheaper, and
> > easier to upgrade and maintain than a hardware firewall.
> > My recommendation would be to go with what you can secure properly and
> > fits in your budget.
> >
> > Devdas Bhagat
> > --
> > Power corrupts. And atomic power corrupts atomically.
