Date: Fri, 20 Mar 1998 10:53:26 -0500 (EST) From: Bryan Swann <swann@nosc.mil> To: Open Systems Networking <opsys@mail.webspan.net> Cc: Graphic Rezidew <rezidew@rezidew.net>, freebsd-security@FreeBSD.ORG Subject: Re: I need some proxies! :) Message-ID: <Pine.GSO.3.96.980320104749.1906E-100000@mailbox> In-Reply-To: <Pine.BSF.3.95.980319225655.27067A-100000@orion.webspan.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I too have had runins with local network security specialists that know very little about security. Generally they are more concerned about the locks on the doors that protect the systems from a few people versus the network security that protects the systems from millions of people. However, a seperate web proxy is often a good idea, especially for a large corporate office. Even with the latest hardware and proxy firewall, it is difficult for the firewall to meet the demand for throughput on a fast serial connection. The SQUID proxy server not only proxies the web data, it will cache the information for future access. This could significantly reduce the amount of data managed by the firewall. __________________________________________________________________________ | Bryan Swann (swann@nosc.mil) 803/566-0086 803/554-0015 (Fax) | | Eagan McAllister Associates, Inc. | | | | "Everything must be working perfectly, cause I don't smell any smoke" | -------------------------------------------------------------------------- On Thu, 19 Mar 1998, Open Systems Networking wrote: > On Thu, 19 Mar 1998, Graphic Rezidew wrote: > > > Open Systems Networking wrote: > > > > > > I hate anti-commercial licenses :) > > > > > > I'm about to build a security/internet connection for a local corp. > > > That goes a little something like this: > > > > > > Internet--->IPFW/NAT server--->proxy server/SKIP--->Internal lan. > > > > > > > Just out of curiosity, why would you need a proxy on the "inside" of the > > ''firewall''? I could see using it in select situations, but you may be > > walking up a hill that you don't need to. > > Funny you should ask :) thats the EXACT same thought I had. I'd rather run > the proxies ON the firewall machine. BUT in order to sell them this idea i > have to comply with their corporate IT security dept. specs. > I have little respect for most "security professionals" people anyway, and > to me this seems futile and just extra work, but im sure somewhere someone > can bring ONE valid point for this. It just eludes me right now. > But yes the main reason is too sell them this idea and bag this contract i > have to follow their corporate security plan. (READ pain in the ass). > > Chris > > -- > "I am closed minded. It keeps the rain out." > > ===================================| Open Systems Networking And Consulting. > FreeBSD 2.2.5 is available now! | Phone: 316-326-6800 > -----------------------------------| 1402 N. Washington, Wellington, KS-67152 > FreeBSD: The power to serve! | E-Mail: opsys@open-systems.net > http://www.freebsd.org | Consulting-Network Engineering-Security > ===================================| http://open-systems.net > > -----BEGIN PGP PUBLIC KEY BLOCK----- > Version: 2.6.2 > > mQENAzPemUsAAAEH/06iF0BU8pMtdLJrxp/lLk3vg9QJCHajsd25gYtR8X1Px1Te > gWU0C4EwMh4seDIgK9bzFmjjlZOEgS9zEgia28xDgeluQjuuMyUFJ58MzRlC2ONC > foYIZsFyIqdjEOCBdfhH5bmgB5/+L5bjDK6lNdqD8OAhtC4Xnc1UxAKq3oUgVD/Z > d5UJXU2xm+f08WwGZIUcbGcaonRC/6Z/5o8YpLVBpcFeLtKW5WwGhEMxl9WDZ3Kb > NZH6bx15WiB2Q/gZQib3ZXhe1xEgRP+p6BnvF364I/To9kMduHpJKU97PH3dU7Mv > CXk2NG3rtOgLTEwLyvtBPqLnbx35E0JnZc0k5YkABRO0JU9wZW4gU3lzdGVtcyA8 > b3BzeXNAb3Blbi1zeXN0ZW1zLm5ldD4= > =BBjp > -----END PGP PUBLIC KEY BLOCK----- > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.3.96.980320104749.1906E-100000>