Hyper-Me wrote: » Well I think one of the reasons would be that generally purpose-built devices are going to be better than a device meant to be "ok" at many things. For instance a Cisco PIX firewall and a separate Cisco router is a superior solution to a Linksys WRT with a built-in poop firewall. Maybe not the best example, lol.
ilcram19-2 wrote: » To me, and for what PIX and ASA do, they have a lot of limitations. I usually try to get a router instead, and they are cheaper. New models of Cisco routers, ISRs and ISR G2, are my choice in any case instead of the ASA or a PIX. The routers are also good firewalls that can be set up with IDS/IPS configurations. Also, when it comes to VPN I'd rather get a router than a PIX or ASA because you have more flavors of VPN, including DMVPN, GET VPN, GRE/IPsec VPNs, as well as regular IPsec VPNs, so routers are more scalable. For firewall you have IOS firewall, zone-based firewall, content filtering, and MQC that can be used as well to drop traffic. Also QoS for audio and video. See link for the models available: Routers - Cisco - Cisco Systems. My favorite so far is the Cisco 2821. I'm hoping to get to play around with a 2921 pretty soon. I also like the 871w and 1841.
ilcram19-2 wrote: » Then I'll recommend an 871w router. They are really cheap on eBay and they can do everything that I mentioned and more. I've got mine set up with a WebVPN and SSL VPN. I got mine for 275 a while back.
Silentsoul wrote: » I use a Linksys WRT54GL running DD-WRT and it works great. Lots of features. I also have a PIX firewall I am getting ready to set up since I will be going for my CCNA this year. I see you are going for the Linux+, why not set up a simple server and do something like IPCop, an Untangle box (Untangle), monowall (DistroWatch.com: m0n0wall), or maybe a squid box running iptables. Just a couple thoughts. I would like to do an Untangle box, it's a pretty cool deal.
dynamik wrote: » I run an ASA 5505; got it for a few hundred on NewEgg. I just got a WRT54GL that I'm going to flash for my wireless studies, but I'm probably not going to do any routing/VPN with it.
Ahriakin wrote: » There's a huge amount of traffic sanitation (Protocol compliance, Options filtering, low level packet controls etc.) you can do on an ASA that you can't with the IOS firewall set. If all you want is a simple stateful firewall then CBAC will do the trick, but for corporations go with a dedicated firewall appliance. Also with a router you need to manually protect the control-plane by making sure features that are not hardware accelerated (even if just CEF vs. process switched) are not going to be exploited, the ASA for better or worse is a purely software/cpu driven device so you're not going to miss something falling into a less optimized path - for example you are a lot more likely to cripple a router with a poorly placed ACL log statement than an ASA, now say you have that log statement for a rare traffic type, an attacker manages to capture some of your syslog, works out what is being logged and then hammers your router with it....buh bye (unless of course you have spent time securing the control-plane).
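The ACL-logging failure mode described in the post above, as an added configuration example that is not from any poster in this thread. It assumes classic Cisco IOS; the ACL name, addresses and numeric values are constructed for illustration.

```cisco
! Constructed example for classic Cisco IOS; the ACL name, addresses
! and numeric values are illustrative assumptions, not from the thread.
!
! Weak: with no logging interval set, every packet that matches the
! logged entry can be punted from the fast path to the CPU.
ip access-list extended EDGE-IN
 permit tcp any host 192.0.2.10 eq 443
 deny   ip any any log
!
! Hardened: the same ACL stays in place, but the cost of the log
! keyword is bounded.
! Process switch at most one packet per 1000 ms for ACL logging.
ip access-list logging interval 1000
! Cap syslog generation at 10 messages per second, exempting
! messages of severity critical and more severe.
logging rate-limit 10 except critical
```

These two commands bound only the ACL-logging path; other punted traffic still needs a control-plane policing policy.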
knwminus wrote: » Also, which would you use for VPN (for home use): a Cisco router or a Linux box/OpenVPN solution?
msteinhilber wrote: » I also picked up an ASA 5505 from Newegg, pretty good value - ended up with an unlimited user bundle very cheap on an open box gamble which I felt comfortable with since I suspect a lot of people buy them not knowing what they are getting into (thinking it's easy as a Linksys to configure). My main reasons behind the ASA were partly related to my job as well as my certification goals. Our PIX 506e failed at the office some time ago and I replaced it with an ASA 5510, so the ASA 5505 will give me a good platform to learn a bit more about what we have in the office and how I can better utilize its features without doing the testing on our production environment first. I also plan to go down the Cisco certification path to the CCSP as well so the ASA might come in handy if I get around to that. Currently the ASA is my router/firewall and will probably remain that way. I also have directly behind that Untangle operating as a bridge. Wireless is provided by a Linksys WAP54G AP running DD-WRT. Untangle is a decent product I think, it has served us well in our branch offices. SuperMicro offers short depth 1U barebones based off Intel's dual-core Atom CPU. Stick an 80GB SATA disk and a 2GB stick and you have a 1U Untangle device with two ethernet interfaces that can handle an office of 50 users easily for about $250. Honestly, I would just try a bunch of options with the Linux based solutions on some inexpensive hardware you might have laying around just to do it. It's fun to try out and see what the capabilities are. I've tried a handful of solutions and enjoyed messing around with them like IPCop, Shorewall, Untangle, etc. Do it because it's fun and because you can learn at the same time.
HeroPsycho wrote: » I'm gonna be replacing my IPCop setup with this soon: Astaro Internet Security - Free Home Use Firewall. Does far more protection with AV, Antispam, etc.
dynamik wrote: » Astaro is good stuff. Do you still have to pay for the subscriptions (anti-x updates) with the free version?
Gogousa wrote: » I'm not against Linux, but why do people always want to solve everything with Linux, for free and using cheap hardware? I know it works because I use it myself, but when we are talking about business I don't recommend Linux. I always recommend dedicated hardware that does what it is supposed to do and with no moving parts. Of course, if we are talking about serious business. - I know Linux fans are gonna love me - If it helps, I use Linux for some nice things.
msteinhilber wrote: » I think it's a common misconception that because someone intends to use a Linux solution that they probably plan to use very cheap hardware. Nothing is wrong with a well implemented solution based on Linux, many commercially available products that fit various needs with network security actually run a Linux kernel. I don't see having dedicated hardware (with or without moving parts) as being any more reliable by default, it all comes down to the quality of the hardware used and if redundancy/failover is available if the need is there.
chrisone wrote: » I have to disagree with both of you. I have worked with Astaro firewalls for a year now at a major company and trust me they suck! Even with the latest code and updates they always have IPsec tunnel issues. It seemed every other weekend we had to reboot the thing because it kept on getting locked up. We literally called their tech support every month and had a case open for months. We finally got rid of it for dual failover ASA 5540s. We are a much happier networking team, believe me! You cannot program the Astaro firewall with CLI. You will void your license if you break something in CLI. Everything is done on a web-based interface which is mega slow! We constantly got IE errors stating "the website is taking forever to load, click cancel to stop loading or press no to continue waiting!" Seriously, it would take 20 mins to get something done that would take 5 minutes on an ASA. Just pay the extra money to get a Cisco product. Do not suffer the same headaches we and many others did using Astaros, IPCops, Check Points, etc. Astaros are not good for a medium to large size enterprise. No joke and I'm not hating, I'm speaking from real world experience, do not get an Astaro! You have no idea what kind of pain will be coming your way!