PIX Firewall Security
The PIX, being a security-specific device, is fairly robust from a security perspective. This section talks about some of the important techniques you can use to make the firewall even more secure from a device perspective. The earlier section “Router Security” talks about the reasons for having most of these safeguards, so I will not repeat them here but rather will concentrate on the actual implementations.
Managing a configuration away from the PIX box in case of an attack is important. PIX allows configurations to be saved on a TFTP server via the write net command. The write net command writes the PIX configuration to a TFTP server specified by the tftp-server command.
The configuration should ...