Firewall Wizards mailing list archives
Re: proxies for personal firewalls
From: Magosányi Árpád <mag () bunuel tii matav hu>
Date: Thu, 18 Mar 2004 23:51:48 +0000
A levelezőm azt hiszi, hogy Paul D. Robertson a következőeket írta:
From a protection standpoint, it makes more sense to install better applications locally.
[]
It's possible that you could gain application protection, especially if you can add per-protocol filtering to the proxy- but the maintenance headache of keeping that updated is probably no worse than that of maintaining the applications directly.
The main point of firewalling is there _are_ braindead and/or badly operated programs out there which need to be protected. With a personal firewall you won't have benefits in the badly operated case as you have pointed out. But for the braindead case it can help. And there is another case: in a multilevel host you can use application level proxies as a guard, taking apart multilevel channels into multiple single level channels and redirecting them to the correct place in-house. A real-world example can be a one-ip multiple-virtualhost http proxy which redirects the traffic to one of the multiple web servers each sitting in its chrooted sandbox. This case may not actually counts as a personal firewall, working out cases which do is left as an exercise for the reader, based on their definition of "personal". -- GNU GPL: csak tiszta forrásból _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- proxies for personal firewalls ML (Mar 18)
- Re: proxies for personal firewalls Ng Pheng Siong (Mar 18)
- Re: proxies for personal firewalls Paul D. Robertson (Mar 18)
- Re: proxies for personal firewalls Magosányi Árpád (Mar 18)