Can PIX block viruses?

Hello,

I am just wondering if it is possible to configure PIX firewall (515E, 6.3) to block viruses entering my network? I have not seen any commands related to this on the PIX config guide.

Can anyone throw some light?

Thank you,

Mo

4 Replies

sachinraja
Level 9

Hi Mohan,

The PIX firewall inspects only layer 4 ports and denies anything that is blocked. In case a standard port is open and the vulnerable/virus traffic is on that port, the PIX will not block it; it won't do anything at the application-inspection layer. You can have an IDS in parallel to the PIX, which can sniff this traffic and block it if necessary. Even with this combination, you can't be 100% sure that you are virus free.

Version 7.0 of the PIX has a lot of application inspection engines defined. I haven't tested that; you can have a look at the release notes of v7.0:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_release_note09186a00803f0f4c.html#wp200466

Raj

Hi Raj,

Thank you for your response. Also, I think the IDS capabilities available on PIX can be used to detect some viruses, based on the available signatures.

Thank you,

Mo

Raj is absolutely right. The PIX does not filter out viruses!

Even the IDS signatures in version 6.3.x do not inspect that. There is new functionality to do so, called NAC (Network Access Control), in routers and switches that will do this in the near future, but not yet in the PIX.

http://www.cisco.com/ca/forum/pdf/sec-03.pdf

PIX OS 7.0 introduced some more application-layer inspection that can block P2P and other applications such as MSN.

By the way, here is a list of the IDS signatures in version 7.0, and even there, there is nothing:

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a008041ad91.html

Sincerely,

Patrick
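
As an added illustration of the difference Raj and Patrick describe (this is not configuration posted by anyone in this thread), here is a constructed PIX OS 7.0 fragment. The interface name, ACL name and the 192.0.2.10 host address are assumed. In 6.3 the access-list line is written without the `extended` keyword and there is no Modular Policy Framework at all, so the ACL alone is the whole story there.

```cisco
! Added example, not from this thread. Interface, ACL name and address are assumed.
!
! Layer-4 filtering: only protocol, addresses and destination port are checked.
! Anything carried inside an allowed tcp/80 connection passes untouched.
access-list outside_in extended permit tcp any host 192.0.2.10 eq www
access-group outside_in in interface outside
!
! PIX OS 7.0 Modular Policy Framework: attach an application inspection engine
! to the traffic the ACL already permits. inspect http checks that the flow is
! well-formed HTTP; it is protocol inspection, not antivirus scanning, so it does
! not replace the parallel IDS/antivirus Raj mentions.
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect http
service-policy global_policy global
```

After applying it, `show service-policy` on the PIX lists the policy per interface with packet counters, which is the quickest way to confirm inspection is actually being applied to the flow rather than only permitted by the ACL.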

Little correction: NAC means NETWORK ADMISSION CONTROL (NAC). There is a post on that topic in the General Security group!

ASK THE EXPERT- NETWORK ADMISSION CONTROL (NAC)

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=General&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dd7fc1b

Sincerely,

Patrick