Firewall Wizards mailing list archives
Re: Proxies, opensource and the general market: what's wrong with us?
From: ArkanoiD <ark () eltex net>
Date: Fri, 29 Apr 2011 18:09:27 +0400
On Fri, Apr 29, 2011 at 10:22:45AM +0200, Claudio Telmon wrote:
> Proxies have been mostly put on top of an operating system's TCP/IP stack, but I wouldn't say that this is a benefit, it's just simpler.

Actually it *IS* a benefit. By eliminating direct packet flow you do not need to care about bad things sneaking in at TCP and below; actually, it is the only way to *reliably* ensure that we see similar data on the firewall and the endpoint.

> Also, having more devices (e.g. separating a packet filter from a proxy, and from a VPN concentrator, etc.) means more complexity and more errors/bugs.

Sometimes it is just more reliability; it depends on how you implement that :-) I see little to no reason to combine a VPN concentrator and a firewall in a single box, despite the fact that it is the most popular way to do it.