Cisco PIX 501 vs IPCOP

I have two computers, sharing a modem and never networked.

If I have $400 to spend on a software/hardware firewall, which would give me the best security against a hacker or trojan (from calling out), AND ease of operation, monitoring, configuration etc.? If I have to learn some UNIX, that's certainly ok., What are some of the pros and cons between the $400 Cisco firewall (PIX 501) or putting IPCOP on my Dell P1 166. Assume IPCOP costs $400 and came with CISCO-like support? I'm interested in the best security, but if the Cisco is equal to or better than IPCOP, even if it costs $400.00, on this issue I'll get it. One computer is a wired desktop, and the other is a wireless (WPA encrypted) laptop, but I believe that in the future, this arrangement may not be strong enough. Currently, I also use a NAT router and Zonealarm (on both computers). All other suggestion are certainly welcomed. I'm just trying to stay a step ahead.

Jack

Reply to
Jack Sandweiss
Loading thread data ...

I am a Cisco guy but I must say, why don't you go with a Linux/*BSD solution? It will not cost you anything (well, you will need a PC) and you will actually learn allot about firewalls only to be better at blocking this kind of crap. So you will win two ways...

Michael

Jack Sandweiss wrote:

Reply to
Michael J. Pelletier

I have the extra PC, which already has one NIC installed. I'm just not sure if I'm ready for a large challenge at this time, unless a BSD firewall would have a significant advantage (aside from costs) over the Cisco.

Thank you for the response.

Jack

Reply to
Jack Sandweiss

suggestion are

hi the best choice is use cisco's pix firewall.it will provide u both application level and network level security

Reply to
praji

For me, it would certainly be easier. Does IPCOP provide both levels of security? I enjoy learning about computers, and want to switch to Linux someday just to try it, but external events at this time lead me to a quicker solution. I've spent 30 years in science, and have taught D.C. electronics, but now is not the time for more confusion in my life.

Thanks for the response.

Jack (any more opinions are welcomed)

Reply to
Jack Sandweiss

Try IPCOP. It's free and easy to setup. I've downloaded my ISO image from

formatting link
and installed it. I had the Firewall running in less than 2 hours (I had to wait for the download and burn my CDROM). The IPCop ISO is about 40 MB's. You really don't need to know much linux to install it. Try the "Quick Start Documentation" and look at some of the "Screenshots." To configure anything, you log into the firewall through your web browser and look at stats, make changes, add VPN, etc. Try it. If it doesn't suit your needs then you can try something else.

Jack Sandweiss wrote:

believe

Currently, I

Reply to
rtrujillo

Thanks Doug, is an understatement. Are both as solid with outbound attempts?

Jack

Reply to
Jack Sandweiss

Thanks Doug is an understatement. Are both equally solid with outbound attempts?

Jack

Reply to
Jack Sandweiss

Thanks Doug is an understatement. A naive question---Do both protect equally well outbound attempts.

Jack

Reply to
Jack Sandweiss

Thanks, I'm leaning in that direction following Doug's post down the thread.

Jack

Reply to
Jack Sandweiss

Also, with two computer's sharing a modem through a router, with IPCOP, would the action of one computer affect the "permisions" on the other? Wouldn't IPCOP sit between the cable modem and the router? Again, please excuse my naivete.

Jack

Reply to
Jack Sandweiss

I'm equally well versed in Cisco and Linux, so hope this is a somewhat unbiased opinion.

I've been running IPCop since before 1.0.0. It is a rock solid firewall, actively maintained and has a good support community. I manage several of these for professional and home use. Never had a problem. You can't go wrong with either choice. The Pix will likely take a little longer to learn, but it's a nice skill set to have. The IPCop, you can probably have up and running in about 15 minutes. After a menu-driven install, it should re-boot and be fully protecting you (default deny all, until you allow anything other than return traffic back in). Then it's fully manageable via a web interface. Very quick and easy to get up and running, if you don't have a lot of time to learn the Cisco IOS.

Best of luck with whichever solution you choose.

Doug

Reply to
Nunya

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.