One good thing about a proxy is the ablility to strip and define rules. Nimda Virus is a good example. When it can get on a web server it will write a javascript that will open a window out of the screens view that then opens the readme.eml which blah blah can then effect the machine browsing on. With a proxy you can define things to strip out of a page and never make it to the client. Just one plus of proxy. Also you can strip out those annoying banner ads and stuff Matt ----- Original Message ----- From: "Eric Daigneault" <scouby@vacv.com> To: <security-discuss@linuxsecurity.com> Sent: Tuesday, November 20, 2001 10:42 AM Subject: Re: With or without proxy ! > At 10:00 AM scouby@vacv.com -0500, you wrote: > > Ok, sorry, I was trying to make short n sweet ! > > Ok, for the purpose of the situation, let's consider I'm pretty good in > securtity architecture and > firewalling. > > I've never been a fan of the proxying technologie, for a lot of reasons ! > And I have never used any on the architectures I have built before. > > Let consider a architecture looking like the plan1 attach here ! > > If i put my mail server in the local DMZ, there is two way to make it > accessible from the internet, POT (Port Adress Translation) or by proxy. > The same if I want to let the user access the web (80). I can make it > straight out with filtering or by proxy... And so go on for every > single internet services ! > > So, now i'm asking, why should I use a proxy... Is it really better, or not ? > > > > >Eric, > > > > > I'm working on a security architecture, and I need some opinions ! > > > > > > It's simple... with or without proxy ! > > > >You'll really need to do some research before someone can give you an > >educated response. The term "proxy" is very broad and depends on your > >environment, users, bandwidth, should be part of a firewall system, etc. > > > >Start by reading the firewalls FAQ: > >http://www.linuxsecurity.com/resource_files/firewalls/fwfaq/firewalls-faq.h tml > > > >Best, > >Dave > > > >-- > >Dave Wreski > >Corporate Manager Guardian Digital, Inc. > >(201) 934-9230 Pioneering. Open Source. Security. > >dave@guardiandigital.com http://www.guardiandigital.com > >------------------------------------------------------------------------ > > To unsubscribe email security-discuss-request@linuxsecurity.com > > with "unsubscribe" in the subject of the message. > > Eric Daigneault > Administrateur Systemes > Vacances Air Canada > > -- Play with the best, die like the rest -- > > -- Binary/unsupported file stripped by Listar -- > -- Type: application/msword > -- File: Plan 1.doc > > > ------------------------------------------------------------------------ > To unsubscribe email security-discuss-request@linuxsecurity.com > with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
