Re: proxies for personal firewalls

[Magosányi Árpád <mag () bunuel tii matav hu>]

A levelezőm azt hiszi, hogy Paul D. Robertson a következőeket írta:
> From a protection standpoint, it makes more sense to install better
> applications locally.
[]
> It's possible that you could gain application protection, especially if
> you can add per-protocol filtering to the proxy- but the maintenance
> headache of keeping that updated is probably no worse than that of
> maintaining the applications directly.

The main point of firewalling is there _are_ braindead and/or
badly operated programs out there which need to be protected.
With a personal firewall you won't have benefits in the
badly operated case as you have pointed out.

But for the braindead case it can help.

And there is another case: in a multilevel host you can use
application level proxies as a guard, taking apart multilevel
channels into multiple single level channels and redirecting
them to the correct place in-house.
A real-world example can be a one-ip multiple-virtualhost
http proxy which redirects the traffic to one of the multiple
web servers each sitting in its chrooted sandbox.
This case may not actually counts as a personal firewall,
working out cases which do is left as an exercise for
the reader, based on their definition of "personal".

-- 
GNU GPL: csak tiszta forrásból
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards