actually we have performed several successful penetration tests on
companies using the pix (and several other firewalls - don't want to just
pick on the pix) and i can definitely tell you that in most instances the
problem lay in the fact that either the customer or the
integrator/reseller had not done a comprehensive job on set up. i think
that in general the resellers that we have run into on the pix tend to be
router or networking guys with very little experience in the security
industry. the pix definitely has a place...we will typically recommend it
to customers who have greater than t3 throughput requirements and who are
okay with greater security risk levels.

btw: i think that cisco means that no one has ever penetrated the pix box
directly, not that no one has ever penetrated a network or host protected
by the pix. if the other were the case i suppose we made history ;-)

note: the non-configuration problem successful penetration tests were
performed with application level attacks, i.e. http piggy back attacks etc.

At 12:30 AM 3/26/98 -0800, you wrote:
>At 08:29 -0800 3/25/98, Chris Sutherland wrote:
>>This is true. But Cisco also purchased Centri for the specific purpose of
>>front-ending on the PIX. My point was that this shows that Cisco themselves
>>see the PIX box as being inadequate unto itself.
>Um, Cisco promotes Centri as a low-cost alternative to PIX, not a "front-end"
>>Not really - i'm just a die-hard sceptic. And i have also penetrated the
>>PIX box when last i talked to a cisco rep it had "never been penetrated."
>>That kind of statement is inappropriate imho.
>Would you like to explain the circumstances under which you did this? I'd
>certainly like to know more about it.
>Abe Singer | Voice: (619) 552-6672
> | Fax: (619) 593-6994
>Virtual Integrators, Inc. | Internet: Abe .