Security Basics mailing list archives

Re: Basic Network Configuration


From: "'Ansgar -59cobalt- Wiechers'" <bugtraq () planetcobalt net>
Date: Fri, 17 Oct 2003 13:18:57 +0200

On 2003-10-16 David Gillett wrote:
> IF everything your users need to be able to reach the Internet with
> CAN be proxied, and management will pony up the cash for a proxy
> server and software, then yes, the proxy server should go in the DMZ.
> Not every organization can justify both the restriction and the
> expense.

True.

> A proxy means that there is no direct traffic ONLY if there are rules
> on the firewalls that prohibit direct traffic.  (A "deny all" rule is
> still a rule.)  So for organizations that deploy a proxy this way, the
> second ruleset is extremely simple -- but not void.

Ah, my bad again. I meant "deny all" when I said I would consider the
ruleset void. Of course "deny all" is a rule too, but as it is (or
should be) the default rule I didn't look at it as a ruleset. Sorry for
the mistakable wording.

Regards
Ansgar Wiechers
