Advanced Firewall Services Deliver Strong Business Protection and Rich Application Control
Robust Stateful
Inspection and Application Layer Security
Cisco PIX Security Appliances integrate a broad range of advanced firewall services
to protect businesses from the constant barrage of threats on the Internet and
in many business network environments. As a secure foundation, Cisco PIX Security
Appliances provide rich stateful inspection firewall services, tracking the
state of all network communications and preventing unauthorized network access.
Building upon those services, Cisco PIX Security Appliances deliver strong application
layer security through 30 intelligent, application-aware inspection engines
that examine network flows at Layers 4-7. To defend networks from application
layer attacks and to give businesses more control over applications and protocols
used in their environment, these inspection engines incorporate extensive application
and protocol knowledge and employ security enforcement technologies that include
protocol anomaly detection, application and protocol state tracking, Network
Address Translation (NAT) services, and attack detection and mitigation techniques
such as application/protocol command filtering, content verification, and URL
deobfuscation. These inspection engines also give businesses control over instant
messaging, peer-to-peer file sharing, and tunneling applications, enabling businesses
to enforce usage policies and protect network bandwidth for legitimate business
applications.
Multi-Vector Attack
Protection
Cisco PIX Security Appliances incorporate multi-vector attack protection services
to further defend businesses from many popular forms of attacks, including denial-of-service
(DoS) attacks, fragmented attacks, replay attacks, and malformed packet attacks.
Using a wealth of advanced attack protection features, including TCP stream
reassembly, traffic normalization, DNSGuard, FloodGuard, FragGuard, MailGuard,
IPVerify, and TCP intercept, Cisco PIX Security Appliances identify and stop
a wide range of attacks, and can provide real-time alerts to administrators.
Flexible Access
Control and Powerful Flow-Based Policies
Administrators can also easily create custom security policies using the flexible
access control technologies provided by Cisco PIX Security Appliances, including
network and service object groups, user and group-based policies, and more than
100 predefined applications and protocols. Using the powerful Modular Policy
Framework introduced in Cisco PIX Security Appliance Software v7.0, administrators
can define granular flow-based and class map-based policies, which apply a set
of customizable security services, such as inspection engine policies, Quality
of Service (QoS) policies, connection timers, and more, to each administrator-specified
traffic flow/class. By combining these flexible access control and per-flow/class
security services, the powerful stateful inspection and application-aware firewall
services, and the multi-vector attack protection services that Cisco PIX Security
Appliances deliver, businesses can enforce comprehensive security policies to
protect themselves from attack.
Configurations Include:
