Re: design and built a firewall



At 09:36 13/06/2002 +0100, Brian Candler wrote:

>I wouldn't recommend that you try to turn the routers themselves into
>firewalls. Simple access lists (packet filters) do not make good firewalls.
>I believe Ciscos now have some stateful packet filtering capability, but
>it's still not going to be anywhere as good as a device which is designed to
>be a firewall. Remember that Cisco IOS has a not particularly good history
>of security flaws in the OS itself.

For your information, Cisco IOS Software has a firewall feature set with the exact same functionality as any external firewall:

http://www.cisco.com/warp/public/cc/pd/iosw/ioft/iofwft/prodlit/fire_ds.htm

And the only known bug for CBAC has been fixed in the latest release of IOS software 12.1 and 12.2.

Cisco Systems also supports encrypted IPSec tunnels on the routers.

Rgds



Antoine Perrault 
Systems Engineer
Cisco Systems, sub-Saharan Africa 
Email: antoine at cisco.com 
Mobile: +33 (0) 6 19 98 25 99
Phone  : +33 (0) 1 58 04 63 15
Fax     : +33 (0) 1 58 04 61 00


-----
This is the afnog mailing list, managed by Majordomo 1.94.5
