Re: Applications Proxies

[Jeff Newton <Jeff_Newton () pmc-sierra com>]

Would a HTTP proxy defend against the latest Microsoft IE vulnerabilty
(MS01-058) that downloads and executes code due to modifications of
content-disposition and content-type? 

Paul, can you recommend a few application-layer proxies that are robust
and mature enough for enterprise deployment?

Cheers,

Paul Robertson wrote:
> Sorry, I don't have stats, but I'd like to point out (just in case you're
> not aware) proxies are generally used to protect Web clients, not Web
> servers.
>
> Even in places where I've put in application layer gateways (and that
> tends to be >99% of places I've firewalled) to protect the enterprise, I tend
> to use filters for Web servers on the DMZ or service network.  It cuts down on
> latency, support issues, and if there's a transport layer attack against your
> Web servers, you're going to patch it quickly anyway- and those aren't all
> that common compared to the set of successful attacks against Web servers
> overall, and so far they've all been DoS attacks unless you happen to have
> been running TCPDump on your Web server.
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson      "My statements in this message are personal opinions
> proberts () patriot net      which may have no basis whatsoever in fact."
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
> http://list.nfr.com/mailman/listinfo/firewall-wizards

-- 
Jeff Newton
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards