[lug] Re: [BLUG-ANNOUNCE] BLUG Meeting Summary for March 9, 2000

Chuck Phillips cdp at peakpeak.com
Thu Mar 16 20:57:49 MST 2000


Wayde Allen writes:
 > There were various questions on proxy vs. filtering firewalls (proxies are
 > considered passe), ...

Not always.  As Kevin pointed out, a caching proxy, like "squid", is often
used for performance reasons.

Further, an _application-level_ proxy (e.g., not SOCKS:-) can provide
increased security -- provided the proxy server and the hosting machine do
not create new holes.  It's generally easier to lock down one application
and one host than it is to lock down a hundred PCs with varying web/ftp
clients, Operating Systems, and configurations.  Even if they start out
identically configured, computers tend to drift apart over time and under
the influence of different users with different needs.  Squid also offers a
degree of anonymizing client info.  I expect there are other proxy servers
with similar features, but squid is the only one with which I have much
experience.

Packet filters (like ipf/ipfwadm/ipchains/netfilter) and application-level
proxies (like squid) can do a lot more for security when combined than
either can alone.  It's not like you have to (or should) omit one if you
use the other.

	Just MHO,
		Chuck




