Firewall Wizards mailing list archives
Re: MS Proxy 2.0 is enough ?
From: Riccardo Fontana <rfontana () seclab com>
Date: Thu, 18 Feb 1999 09:09:10 +0100
IMHO, if you don't need to authenticate users or special security policy, it will be enough a router set with a god Access Control List (ACL). With a good ACL you can filter source post, source IP, destination and you can prevent spoofing attack. It's a simple and fast way to implement what you need. You can also trace audit connection loggin all the traffic passing trough the router using an external machine with SysLogd to catch the result. If you need STRONG security (i.e. you are afraid of internal users with a very good computer skill that cannot be trusted) you can use a firewall box; there are many kind available: Firewall-1, Axent Firewall, IP-Filt, also MS Proxy 2.0; these solutions are more expensive and often require more management work. Ferran Rebollar Cervello wrote:
Hi all, for security reasons we have two isolate LANs: LAN_A and LAN_B. But now, LAN_A users must access an intranet web server in LAN_B and LAN_B users must acces the corporative mail server in LAN_A. Other traffic/services between LAN_A and LAN_B will not be allowed. Using MS Proxy 2.0 is enough ? Better a strong firewall (like Checkpoint's Firewall-1) ? thanks in advance, Ferran
-- Riccardo Fontana Intesis SECURITY LAB Phone: +39-2-671563.1 Via Settembrini, 35 Fax: +39-2-66981953 I-20124 Milano ITALY Email: rfontana () seclab com
Current thread:
- MS Proxy 2.0 is enough ? Ferran Rebollar Cervello (Feb 17)
- Re: MS Proxy 2.0 is enough ? Riccardo Fontana (Feb 18)
- Re: MS Proxy 2.0 is enough ? cbrenton (Feb 18)
- Message not available
- Re: MS Proxy 2.0 is enough ? dreamwvr (Feb 19)
- Re: MS Proxy 2.0 is enough ? David LeBlanc (Feb 24)
- Re: MS Proxy 2.0 is enough ? dreamwvr (Feb 19)
- <Possible follow-ups>
- Re: MS Proxy 2.0 is enough ? rickshaw (Feb 19)
- Re: MS Proxy 2.0 is enough ? Robert Graham (Feb 25)