Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: on-the-fly-analysis vs. proxy rewrites

From: Darren Reed <darrenr () reed wattle id au>
Date: Sat, 11 Feb 2006 01:55:13 +1100 (EST)
On Wednesday, February 08, 2006 1:27 AM, Darren Reed so wrote:


On Tuesday, February 07, 2006 12:50 PM, Dave Piscitello so spake:


An interesting exercise for this list - possibly a new thread? - is 
"what security policies are best enforced by implementing

"on-the-fly 

analysis" versus "what security policies are best enforced by proxy 
rewrites".


How is one different to the other ?

How is a proxy not doing something "on the fly" ?


My sometimes jaded view is that the proxy rewrites the traffic to
conform to whatever the proxy writer wrote. Hopefully, that matches up
with some standard protocol to _provide_ the security. I.E. You get the
security from the proxy writer having rewritten your traffic. It's doing
*something,* true, but it's not "checking" anything. It's just not
re-writing any *bad* stuff.


That is still "on the fly".  The original question (however flawed it
was), wanted to compare "on the fly" vs proxy.  I'd assert that in
nearly all cases, except for SMTP, the proxy IS "on the fly".

Darren
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: