Firewall Wizards mailing list archives

Re: MS Proxy 2.0 is enough ?

From: dreamwvr <dreamwvr () dreamwvr com>
Date: Thu, 18 Feb 1999 21:19:43 -0700

hi,
   have you considered squid it is far better than m$ proxy by 
a long shot and will get you there more co$t effectively as well.
it is worth considering ...
                                                regards,
                                                dreamwvr () dreamwvr com
At 05:33 PM 2/17/99 -0500, cbrenton wrote:

On Tue, 16 Feb 1999, Ferran Rebollar Cervello wrote:

for security reasons we have two isolate LANs: LAN_A and LAN_B. 
But now, LAN_A users must access an intranet web server in LAN_B and

LAN_B users must acces the corporative mail server in LAN_A.

Other traffic/services between LAN_A and LAN_B will not be allowed.
Using MS Proxy 2.0 is enough ? Better a strong firewall (like

Checkpoint's Firewall-1) ?


You have not really provided enough info to gauge how secure of a solution
you really need. For example you would be looking at drastically different
solutions if LAN_A and LAN_B are public libraries as opposed to financial
institutions.

If you are just looking for basic security, I would suggest you go the
packet filtering route. Something static like 3COM, or even better
something dynamic like Cisco.

If you go the proxy route, you will be required to use SOCKS (and thus
SOCKS aware applications) or the running the workstation client. While
this will give you user level security, it also adds an additional level
of administration. This can be a good thing if you require user level
control or a pain in the butt if you are simply looking for basic access
control.

Something like a Cisco router goes in the other direction. It would be
transparent to your network layout except that it filters out traffic you
do not wish to pass. It does not however give you user level access
control.

So what you really need to do from here is perform a needs analysis and
run with a security solution that best fits this need.

Cheers,
Chris
-- 
**************************************
cbrenton () sover net

* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet

Reuters, London, February 29, 1998: 
Scientists have announced discovering a meteorite which will strike the 
earth in March, 2028.  Millions of UNIX coders expressed relief for being 
spared the UNIX epoch "crisis" of 2038.
_______________________________________________________________________

DREAMWVR.COM - TOTAL WEB INTEGRATION, DEVELOPMENT, DESIGN SERVICES. 
Featuring Website Development and Web Strategies of a TOP Developer 
New Look and Feel... Coming to a Browser near you..:) 
<http://www.dreamwvr.com/services/MAX_SEC.html><-- Road Improvements
DREAMWVR.COM - The Console of Many... 24 X 7 Evolution Internet
<http://www.dreamwvr.com/dynamicduo.html> <mailto:dreamwvr () dreamwvr com>
"As Unique as the Company You Keep."        "===0 PGP Key Available  
________________________________________________________________________

Current thread:

MS Proxy 2.0 is enough ? Ferran Rebollar Cervello (Feb 17)
- Re: MS Proxy 2.0 is enough ? Riccardo Fontana (Feb 18)
- Re: MS Proxy 2.0 is enough ? cbrenton (Feb 18)
- Message not available
  - Re: MS Proxy 2.0 is enough ? dreamwvr (Feb 19)
    - Re: MS Proxy 2.0 is enough ? David LeBlanc (Feb 24)
- <Possible follow-ups>
- Re: MS Proxy 2.0 is enough ? rickshaw (Feb 19)
- Re: MS Proxy 2.0 is enough ? Robert Graham (Feb 25)