Firewall Wizards mailing list archives

RE: Proxy Server


From: "Joe Ippolito" <joe () joesnet com>
Date: Tue, 14 Sep 1999 22:18:09 -0700

This thread again?  See attached.

-----Original Message-----
From: owner-firewall-wizards () lists nfr net
[mailto:owner-firewall-wizards () lists nfr net]On Behalf Of Gesino, Frank
Sent: Sunday, September 12, 1999 8:11 PM
To: firewall-wizards () nfr net
Subject: Proxy Server


Hello...

I am working with a client who wants to use MS Proxy Server as a Firewall
Solution....obviously a very bad choice. I am writing a report to strongly
recommend they implement a true firewall.  I was wondering if anyone had any
good research to help me make my case even stronger.

Thanks

Frank Gesino
Condor Technology Solutions

-----Original Message-----
From: Ryan Russell [mailto:Ryan.Russell () sybase com]
Sent: Friday, September 10, 1999 6:33 PM
To: sean.kelly () lanston com
Cc: firewall-wizards () nfr net
Subject: RE: Free NAT





From: Brock, Todd A [mailto:TB120060 () exchange DAYTONOH NCR com]


Robert,
I think you are touching on something that I have suspected for some time
now.  Specifically that it is not a long term workable solution that
requires every single "host" have its own globally unique IP address.
In the not too distant future our breaker panels, security systems, air
conditioners, toasters, etc. (ad vomiteum) will, all and every one, be
"network accessible".  I have thought for a while that a scheme that
requires every single item that might need network connectivity to have a
unique global address is and will continue to be unworkable.

I don't believe that this was ever the intention.  How many people want or
need the whole world to be able to connect to and control their toaster?  I
personally believe that NAT and similar methods will not fade after (or are
intended to be replaced by) the introduction of IPv6.

Not me.  The mention of circuit breakers makes me shudder.  I can just
imagine someone flooding the $0.25 IP implementation with packets
in such a way as to cause the breakers to open and close repeatedly,
causing a fire.  I wouldn't want to subject myself to a denial-of-house
attack.

                         Ryan

P.S. Do you think I'll get into trouble when I want to firewall IP on
the AC lines coming into my house?  I could see PG&E wanting
to mandate IP access to my meter & breaker box. :)

--- Begin Message ---
From: "joesnet.com" <joe () joesnet com>
Date: Wed, 1 Sep 1999 21:46:40 -0700
Can't help you there since I think MS Proxy is a very cost effective and
easy to manage firewall solution.  If you don't need an easily configurable
DMZ and the use of ICMP, it works great.  It is quite secure with the packet
filtering enabled and the latest service pack and hot fixes.  If all you
need is port address translation and you want to manage (and monitor) your
user's access to the Internet with NT account permissions and save on
bandwidth with the http cache, MS Proxy is certainly the most cost-effective
solution available.

However, if you are a large organization, need a functional DMZ, have
varying inbound access needs, need the use of ICMP, and can afford the 20
times or greater cost, get a copy of Check Point's Firewall-1.  In other
words, it is more a question of functionality versus cost.

-----Original Message-----
From: owner-firewall-wizards () lists nfr net
[mailto:owner-firewall-wizards () lists nfr net]On Behalf Of TUDOR
PANAITESCU
Sent: Wednesday, September 01, 1999 6:14 AM
To: firewall-wizards () nfr net
Subject: COmpare Firewalls


Hello everybody !

I am trying to convince the people in the IT dept. here that they should get
rid of the Microsoft Proxy which is now the only "buffer" between our network
(192.168.*) and the internet and to get a firewall.

My questions are:

1. Can anybody point me to a site with some information about the poor
   reliability/security/etc. of M$ Proxy?
2. Can anybody point me to a site where I can find information on different
   firewalls in order to compare and (try to) choose the right one?
3. I'm trying also to promote LINUX (RH6.0 with ipchains) as a temporary
   solution; can anybody point me to a site where I can find "tons" of
   information (especially advantages) of using LINUX? (success stories,
   important companies using LINUX as a firewall etc...).

Thanks in advance and best regards,
Tudor


--- End Message ---
