Firewall Wizards mailing list archives

Re: MS Proxy 2.0 is enough ?


From: cbrenton <cbrenton () sover net>
Date: Wed, 17 Feb 1999 17:33:41 -0500 (EST)

On Tue, 16 Feb 1999, Ferran Rebollar Cervello wrote:

> For security reasons we have two isolated LANs: LAN_A and LAN_B.
> But now, LAN_A users must access an intranet web server in LAN_B and
> LAN_B users must access the corporate mail server in LAN_A.
> Other traffic/services between LAN_A and LAN_B will not be allowed.
> Is using MS Proxy 2.0 enough? Better a strong firewall (like
> Checkpoint's Firewall-1)?

You have not really provided enough info to gauge how secure of a solution
you really need. For example you would be looking at drastically different
solutions if LAN_A and LAN_B are public libraries as opposed to financial
institutions.

If you are just looking for basic security, I would suggest you go the
packet filtering route. Something static like 3COM, or even better
something dynamic like Cisco.

If you go the proxy route, you will be required to use SOCKS (and thus
SOCKS aware applications) or run the workstation client. While
this will give you user level security, it also adds an additional level
of administration. This can be a good thing if you require user level
control or a pain in the butt if you are simply looking for basic access
control.

Something like a Cisco router goes in the other direction. It would be
transparent to your network layout except that it filters out traffic you
do not wish to pass. It does not however give you user level access
control.

So what you really need to do from here is perform a needs analysis and
run with a security solution that best fits this need.

Cheers,
Chris
-- 
**************************************
cbrenton () sover net

* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
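
Added example, not part of the original thread: a Python sketch of the policy in the question (LAN_A users to the intranet web server in LAN_B, LAN_B users to the mail server in LAN_A, nothing else) checked by a static and a dynamic packet filter. The addresses, the ports (HTTP 80, SMTP 25, POP3 110) and the modelling of static filtering as an ACK-flag check are assumptions; the thread does not say how either product filters.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumptions, not taken from the thread).
LAN_A, LAN_B = ip_network("10.1.0.0/24"), ip_network("10.2.0.0/24")
MAIL_A, WEB_B = ip_address("10.1.0.25"), ip_address("10.2.0.80")

# Permitted client -> server flows: (client network, server, TCP port).
# Ports are assumptions: HTTP 80 for the intranet, SMTP 25 and POP3 110 for mail.
POLICY = [(LAN_A, WEB_B, 80), (LAN_B, MAIL_A, 25), (LAN_B, MAIL_A, 110)]

def _opens(src, dst, dport):
    """True if the packet travels from a permitted client to its server port."""
    return any(src in net and dst == srv and dport == p for net, srv, p in POLICY)

def _is_reply(src, sport, dst):
    """True if the packet travels from a permitted server port back to a client."""
    return any(dst in net and src == srv and sport == p for net, srv, p in POLICY)

def static_filter(packet):
    """Stateless: return traffic is recognised only by the ACK flag being set."""
    src, sport, dst, dport, flags = packet
    return _opens(src, dst, dport) or ("A" in flags and _is_reply(src, sport, dst))

class DynamicFilter:
    """Stateful: return traffic passes only for a connection seen opening."""
    def __init__(self):
        self.conns = set()

    def check(self, packet):
        src, sport, dst, dport, flags = packet
        if _opens(src, dst, dport):
            self.conns.add((src, sport, dst, dport))
            return True
        return (dst, dport, src, sport) in self.conns

def pkt(src, sport, dst, dport, flags):
    return (ip_address(src), sport, ip_address(dst), dport, flags)

# Constructed traffic (sample packets, not captured data).
SYN = pkt("10.1.0.7", 40000, "10.2.0.80", 80, "S")      # LAN_A user -> web server
SYNACK = pkt("10.2.0.80", 80, "10.1.0.7", 40000, "SA")  # reply to that connection
STRAY = pkt("10.2.0.80", 80, "10.1.0.9", 41000, "A")    # ACK with no connection behind it
TELNET = pkt("10.1.0.7", 40001, "10.2.0.80", 23, "S")   # service outside the policy

if __name__ == "__main__":
    dyn = DynamicFilter()
    for name, p in [("SYN", SYN), ("SYNACK", SYNACK), ("STRAY", STRAY), ("TELNET", TELNET)]:
        print(f"{name:7} static={static_filter(p)!s:5} dynamic={dyn.check(p)}")
```

Both filters are transparent to the hosts and enforce the same allowed services; they differ only on the packet that belongs to no connection a client opened, and neither sees which user is behind a source address.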


