Re: Proxy 2.0 secure?

[ark]

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

"Brian Steele" <steele_b () spiceisle com> said :

> > TIS fwtk: $0
> > FreeBSD+IPfilter: $0
> > Linux ipfw: $0
> > Squid proxy: $0
>
>
> Ok - I'm always interested in free products.  How well does this product
> integrate with an NT-based LAN and the security model employed thereon?  For
> example, would it allow me to log on at any NT or Win 95 box on the internal
> LAN (with dynamic IP addresses assigned via DHCP to each PC) and access the
> Internet transparently without requesting additional authentication
> information? 

Dynamic DHCP is _BAD_. I see no reason for anyone to use it.
Use static DHCP and enforce it with switching hubs and tools like arpwatch.
That will provide much more control and monitoring features.

> Will I be able to move to another PC and continue to enjoy my
> privileged access to the Internet without any reconfiguration on the part of
> the PC or the server, while another user is only allowed HTTP access to
> certain sites from my PC, based on his authentication level under NT, again
> all transparently?

Are you _sure_ you _need_ that?
Are you sure it is a good idea from the security viewpoint?
I'd better not to allow such things.
 

                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNZOd8KH/mIJW9LeBAQHWkQQArHTjM5jSfKAJlCcD/isXFJcImun1Z4Hn
ooRtwtYWnVEtL9g5liM3OrKUEXtaDwejVuEs4lsAcxGaqqu4RIZOKESz6QonM0C6
iAgNrOkEz1xybrijyrip8IwKvyd7kBt+NGJphTUf/dAMHFogucLWRf5QUSSQk+Rs
FqQ+JJXBzGI=
=VCJq
-----END PGP SIGNATURE-----