12-01-2003, 06:02 AM   #14
Pragma
I am Winter Born
 
 
Location: Alexandria, VA
Cisco PIX boxes still aren't the be all and end all of firewalls.

To repeat: Any firewall, unless you set it up properly, is insecure. This includes PIX firewalls.

I've got an OpenBSD machine I use as my "firewall" - it's got very few open ports (fewer than the fingers on one hand), and OpenBSD is a very secure OS (only one remote hole in the default install, in more than 7 years). I consider that to be "good enough" for my purposes.

Given OpenBSD's security record, I feel that I can discount the "firewall getting hacked" possibility and concentrate on just the packet filtering job of the firewall.

And, just for fun, I did a quick Google search for you, -Anders:
A year-ish old vulnerability report from Cisco on their PIX firewalls. Everything has holes. Everything.
__________________
Eat antimatter, Posleen-boy!