Hallo,
wenn man so viel über Firewall und Sicherheit liesst, kann man sehr leicht paranoid werden. Ich habe hier einen einfachen Router von der Firma AVM und dieser hat eine Firewall integriert.
Nun meine Frage ist die halbsweg sicher? Oder ist eine Firewall Pix noch sicherer? Für mich ist es schwierig abzuschätzen wie sicher eine Firewall ist oder ob diese nicht sicher ist.
Produkte:
AVM Fritzbox 2030 - Stateful Packet Inspection Firewall
PIX 501
Reliable, purpose-built security appliance
• Uses a proprietary, hardened operating system that eliminates security risks associated with general purpose operating systems
• Combines Cisco product quality with no moving parts to provide a highly reliable security platform
Stateful inspection firewall
• Provides perimeter network security to prevent unauthorized network access
• Uses state-of-the-art Cisco Adaptive Security Algorithm for robust stateful inspection firewall services
• Provides flexible access-control capabilities for over 100 predefined applications, services and protocols, with the ability to define custom applications and services
• Simplifies management of security policies by giving administrators the ability to create re-usable network and service object groups which can be referenced by multiple security policies, thus simplifying initial policy definition and on-going policy maintenance
Advanced application and protocol inspection
• Integrates over two dozen specialized inspection engines for protocols such as Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Domain Name System (DNS), Simple Network Management Protocol (SNMP), SQL*Net, Network File System (NFS), H.323 Versions 1-4, Session Initiation Protocol (SIP), Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol (RTSP), Internet Locator Service (ILS), and many more
Intrusion prevention
• Provides protection from over 55 different types of popular network-based attacks ranging from malformed packet attacks to denial-of-service (DoS) attacks
• Integrates with Cisco Network Intrusion Detection System (IDS) sensors to identify and dynamically block/shun hostile network nodes
Authentication, authorization, and accounting (AAA) support
• Integrates with popular AAA services via TACACS+ and RADIUS
• Provides tight integration with Cisco Secure Access Control Server (ACS) for user/administrator authentication, dynamic per-user/group policies, and administrator access privileges
X.509 certificate and CRL support
• Supports SCEP-based enrollment with leading X.509 solutions from Baltimore, Entrust,
Microsoft, and VeriSign
Integration with leading third-party solutions
• Supports the broad range of Cisco AVVID (Architecture for Voice, Video and Integrated Data) partner solutions that provide URL filtering, content filtering, virus protection, scalable remote management, and more
Industry certifications and evaluations
• Earned numerous leading industry certifications and evaluations, including:
• Common Criteria Evaluated Assurance Level 4 (EAL4)
• FIPS 140-2, Level 2 Validation
Herzlichen Dank
Sascha Fleischer
[Diese Nachricht wurde von freierfall am 06. Mrz. 2008 editiert.]
Eine Antwort auf diesen Beitrag verfassen (mit Zitat/Zitat des Beitrags) IP