Question

Compare features of Cisco PIX and NetScreen firewall in terms of filtering methods (stateless or stateful filtering), and the additional features these firewalls support (IDS, content filtering, etc.) for each firewall. Which one would you recommend to your supervisor? Justify your answer

Answer 1

Hi,

For every computer using internet the main need is security.This means the system should protect from an external attack.Here we use a firewall to protect to protect the computer devices from any attackers.It controls the incomeing and outgoing traffics.It blocks the unwanted packets entering into the system.It provide full security for the system.

Cisco PIX and Netscreen firewalls ae two products of firewall.There features are given below:

Cisco PIX	Netscreen firewall
1. URL fitering : It controls the ability to access certain content.It is an effective way to filter network traffic.	1. It supports both URL filtering and more antivirus filtering.It is a main requirement in many organization .It prevents the users from accessing inappropriate web content.
2.One of the main feature is it enables the content filtering service.It does not allow inappropriate or dangerous access of web content and is blocked.	2.It also provide content filtering as a security service.It allows to configure the restrict webpage features and trusted domain settings.
3.Cisco PIX is a statefull firewall.It filter packets based on the full context of the given connection.On using a statefull firewall filter it make dynamic control decision.	3.Netscreen firewall insoect only the source and destination information.So it is stateless firewall.It cant consider the overall pattern of incoming packets.
4.IDS stans for Intrusion Detection System.It is not enabled by default.It checks the systems whether any malicious attack exist.It supports both inbound and outbound auditing.It performs the Alarm,Drop and reset actions.	4.It uses the IDS charecteristics by providing Deniel Of Service.

Here both the cisco PIX and netscreen firewall have many advantages.But netscreen firewall is a stateless firewall as it uses clues from the souce and destination to check whether there is any threats occur.It never monitor the full traffic like Cisco PIX.So I recommend to use the Cisco PIX for the supervisor.

Thank you...