Firewall Wizards mailing list archives

Re: Query: Why bother with an application proxy over stateful packet filtering?

From: Marcin Antkiewicz <firewallwizards () kajtek org>
Date: Mon, 27 Aug 2007 11:20:11 -0500 (CDT)

I am wondering why would the be a need to web up a proxy such as a web
proxy (Squid) instead of just using a stateful packet filtering firewall
(iptables) only in a network?


Will,

Do not think that just because something is a good packet filter, it 
will also make a good proxy, or IDS. Just because you know how to start 
a fire using a screwdriver it is not a good idea to keep doing so, 
especially when you have matches at hand.

Packet filtering and (security) proxies are different technologies - I use 
both of them because, when used correctly, they address different needs.

For more insight please read:
http://www.ranum.com/security/computer_security/editorials/deepinspect/index.html

--
Marcin Antkiewicz
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Query: Why bother with an application proxy over stateful packet filtering? william fitzgerald (Aug 27)
- Re: Query: Why bother with an application proxy over stateful packet filtering? Patrick M. Hausen (Aug 27)
- Message not available
  - Re: Query: Why bother with an application proxy over stateful packet filtering? william fitzgerald (Aug 27)
    - Re: Query: Why bother with an application proxy over stateful packet filtering? K K (Aug 31)
- Re: Query: Why bother with an application proxy over stateful packet filtering? Marcin Antkiewicz (Aug 27)