Often more resources are allocated to protecting internal networks from external malicious attempts, yet equal care and attention need to be devoted to monitoring and filtering out-bound connections initiated from internal networks. The Cisco PIX firewall is an advanced product and has many different options for protecting against network layer attacks. It also supports content filtering for outbound Web and FTP access and a limited form of intrusion detection. Content filtering features on the PIX can be used to enforce a company's acceptable use policy. The PIX can interface with Websense (www.websense.com) or Sentian by N2H2 (www.n2h2.com) servers and deny or allow internal clients to access specific Web sites. The PIX is also able to filter out Java applets and ActiveX code from incoming Web pages to protect clients against malicious code. Finally, the PIX has embedded protection against various DoS attacks, such as SYN floods, excessive fragmentation, and excessive connection establishment. IP address antispoofing is supported by the reverse-path forwarding feature.