Firewall Wizards mailing list archives

Re: How automate firewall tests


From: "Paul D. Robertson" <paul () compuwar net>
Date: Mon, 21 Aug 2006 09:15:42 -0400 (EDT)

On Mon, 21 Aug 2006, Tim Shea wrote:

> And you can equally argue that proxies were never good to begin
> with.  Really - the majority of applications out there have no real

I've got clients who at least have some benefit from running HTTP through 
a proxy and stopping various MIME types.  It's not perfect by any stretch 
of the imagination, but it stops a fair volume of malware/spyware daily.

> layer 7 level proxy so you have to tackle the problem from other
> directions.  And the off the shelf proxies (smtp, dns, http, etc)
> don't offer much value since these applications have been tested to

With a proxy, DNS doesn't go down to the client- that's a huge win in the 
anti-tunnel arena.  Where I have clients who do MS Exchange internally, 
the SMTP proxy keeps them from spewing SMTP from an infected client as 
well...

> death or the application isn't anymore "protected".  What is the
> point of recommending a solution that doesn't exist?  I am a fan of
> proxies but the reality is the firewall - whether it be proxy or
> other - is only a small part of the equation.


A chance to arbitrate the conversation isn't necessarily a bad thing- 
especially if you can't control the end nodes.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
http://fora.compuwar.net      Infosec discussion boards 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

