Security holes in Pix 501??

I have a vendor that I work with that tells me he will not install a Pix 501 on any of his client sites because there are known exploits and holes in the software that make a 501 very simple to compromise.  He tells me he can compromise one within a few minutes and from there can have access to the rest of an internal network.  He won't give me the specifics on this exploit, which leads me to believe he might be full of it, but he says he will NEVER install a Pix 501 anywhere.  He also mentioned that this problem only exists in the 501 series of Pix because he has no problem at all installing a 506e or higher.

So my question to the experts is, are there any documented or known exploits that exist in the Pix 501 OS Software that cause them to be unreliable?  I currently use them in several of my own client sites and have never had any problems but would be very curious to know about this for future reference.
bwooden Asked:

bwooden (Author) Commented:
For the record, I am not looking for someone to explain the workings of any potential exploits so I can hack a network; I am just looking for info so I can make informed decisions for my clients.
lrmoore Commented:
I don't know of anything specific to the 501, but there are several versions of the PIX OS code that are of questionable security:
http://www.cisco.com/security/security-alerts.html

PIX Source Code
November 3, 2004
We are aware of the posting regarding the purported sale of the PIX 6.3.1. Cisco is actively looking into the alleged claims by some Internet groups on the purported sale and general availability of the Cisco PIX 6.3.1 source code. As a rule, we encourage all customers to maintain best practices in keeping their systems updated with the latest software (v6.3.4).

Cisco remains dedicated and focused on providing secure, intelligent networking systems to its customers and partners.

Here's a listing of all of Cisco's posted advisories - very upfront about vulnerable code versions and fixes.
http://www.cisco.com/en/US/products/products_security_advisories_listing.html

PIX Specific
http://www.cisco.com/en/US/products/products_security_advisory09186a00801e118a.shtml

I've never heard of any PIX being exploited, no matter which version.
That said, the 501 is designed for a SOHO implementation with 10 or fewer users and no public servers. Yes, it does have a 50-user license and it can do most anything its bigger brothers can, but it was still designed for small offices. I would never install anything smaller than a 506 in any business application.

ANY firewall that is not correctly configured can be compromised. Is it as secure as it can be out of the box? No, because it was designed for ease of use for non-technical small offices, not for the professional firewall/network security guru to install.


bwooden (Author) Commented:
Thank you lrmoore. Good stuff as usual.

I tend to trust your info based on your history here.  Usually I use my 501's in small offices (fewer than 10 people as you mentioned) and move up according to needs of the client.  