(PM) OT: Any recommendations for firewalls? (fwd)

MegaZone (megazone@megazone.org)
Sun, 28 Feb 1999 03:56:49 -0800 (PST)

Once upon a time Chris Wisecarver shaped the electrons to say...
>use an application level instead of another box. He suggested building one
>on a Unix (some flavor) box. My thoughts are that there are so many different
>things that can go wrong if you use an application level firewall. Plus it

Properly managed, an application firewall is FAR more secure than a PIX. The
PIX is ok, but I don't consider it to be a real firewall. I also don't
consider the IRX-211 to be a firewall - packet filters do not a firewall make
IMHO.

Look at NAI Gauntlet and Checkpoint Firewall-1. Gauntlet is an application
proxy firewall, and Firewall-1 is a stateful inspection firewall. Firewall-1
is the single most popular firewall available.

Security vendors like GTEI use these to build their managed firewall
offerings. GTEI has approximately 400 managed firewall customers, not
counting the government sites, and not one has ever been successfully attacked
through the firewall.

Of course, a firewall doesn't stop a determined attack - it can only slow
it down. So I hope they plan on having someone monitor it, 7x24 if they
are serious. So many sites get hacked after installing a firewall because
no one is paying any attention to it. It gets treated like a NAS - plug
it in, turn it on, configure it and forget it.

-MZ

-- 
-=*X GOT CLUE? ISPF II - SAN DIEGO, CA 3/6-10 <URL:http://www.ispf.com/> X*=-
<URL:mailto:megazone@megazone.org> Gweep, Discordian, Author, Engineer, me..
Join ISP/C Internet Service Providers' Consortium <URL:http://www.ispc.org/>
"A little nonsense now and then, is relished by the wisest men" 781-788-0130
<URL:http://www.megazone.org/>  <URL:http://www.gweep.net/>  Hail Discordia!