News Release

Cisco's PIX Firewall Passes Industry Security Test

SRI demonstrates high-performance, secure barrier for
Sep 04, 1996

SRI demonstrates high-performance, secure barrier for Internet/intranet security

SAN JOSE, Calif. - September 4, 1996 - An independent evaluation bya prominent research and consulting firm has found that Cisco Systems' PIXFirewall, a scalable network security solution for corporate intranets andthe Internet, successfully resisted all tested security threats, even whensubjected to extreme network traffic. The testing was conducted by SRIConsulting, a subsidiary of SRI International that provides research,development and consulting services for private industry and governmentsworldwide.

Testing Parameters

SRI tested the PIX Firewall by using it to protect a computer on aprivate local-area network (LAN) from intrusion by a computer via theInternet. SRI connected a Sun workstation running Solaris 2.X on eitherside of the PIX Firewall, one as a protected computer on the inside networkand the other as the external attacker. A set of traffic overload tests,designed to determine the extent to which large amounts of network trafficpassing through the PIX Firewall compromised its security features, wasalso performed. During the tests, no network degradation occurred and allattempts to break into the PIX Firewall were unsuccessful. As anadditional test, the SRI team ran the SATAN toolkit against the PIXFirewall, finding no open ports or security vulnerabilities.

"The PIX Firewall performed exceptionally well, resisting allattempts to directly attack the network interfaces and consistently denyingaccess to any computer on the internal network, even under severe inputoverload," said Tom Lunzer, principal consultant, Internet Technologies &Services of SRI Consulting. "Additionally we found that the PIX Firewallis easy to use and install, and provides a secure, reliable interfacebetween internal networks and the Internet."

With increasing usage of Internet-based communications such asemail and electronic commerce, securing corporate networks is a growingpriority of network managers. According to a Dataquest study InformationSecurity Market Analysis, 1995-2000, the revenue forecast for the worldwideinformation security market will increase to $13.1 billion by the year2000. To protect internal resources from external intrusion whileaccessing the Internet, the PIX Firewall offers a cost-effective securitysolution within a corporate intranet and between a company's servers andthe Internet.

Shielding the Network

Internal networks are shielded from unauthorized access through theInternet by specially developed connection-oriented technology integratedinto the PIX Firewall. Based on Cisco's Adaptive Security Algorithm (ASA),the PIX Firewall provides network managers with enhanced auditing featuresto track the source and destination addresses of each information packet,along with TCP sequence numbers and additional TCP flags. Cisco's ASA alsoenables the PIX Firewall to set up pre-approved individual sessions betweeninternal and external devices. For maximum security, as soon as atransaction is complete, the session link is disconnected.

Unlike many firewall products, which are based on UNIX or WindowsNT, the PIX Firewall is a standalone network device that uses a secure,real-time embedded kernel system. This architecture eliminates thepotential problems, such as maintenance typically associated with usinggeneral-purpose operating systems as the core of a security product.Network managers can set up the PIX Firewall quickly with approximatelyfive commands, assuring users of minimal network downtime. In addition, tocope with large amounts of network traffic generated by corporateenterprises, the PIX Firewall also provides support for FastEthernet networks.


The PIX Firewall is available withconfigurations supporting from 32 to 16,000 simultaneous TCP sessions.

SRI Consulting works with companies worldwide to develop strategiesfor competing in today's technology-driven marketplace. SRI providesclients with an understanding of how new technologies can be developed andcommercialized or used -- and how those advances can be leveraged forcompetitive advantage. SRI's consulting services are backed by SRIInternational's 50-year heritage as a pioneer in developing and applyingnew technologies.

Cisco Systems (NASDAQ:CSCO) is theleading global supplier ofinternetworking solutionsfor corporate intranets and the global Internet.Cisco's products -- including routers,LAN and WAN switches, dial-up accessservers and network management software -- are integrated byCisco IOS(tm)software to link geographically dispersed LANs, WANs and IBM networks.Company news and product/service information are available at World WideWeb site is headquartered in San Jose, Calif.

# # #

PIX Firewall, Cisco IOS and Cisco Systems are trademarks, and Cisco and theCisco Systems logo are registered trademarks of Cisco Systems, Inc. Allother trademarks, service marks, registered trademarks or registeredservice marks mentioned in this document are the property of theirrespective owners.

Posted: Wed Sep 4 16:19:09 PDT 1996
Copyright 1996 ) Cisco Systems Inc. All rights reserved.