On Mon, 21 Aug 2006, Tim Shea wrote:
> And you can equally argue that proxies were never good to begin
> with. Really - the majority of applications out there have no real

I've got clients who at least have some benefit from running HTTP through
a proxy and stopping various MIME types. It's not perfect by any stretch
of the imagination, but it stops a fair volume of malware/spyware daily.

> layer 7 level proxy so you have to tackle the problem from other
> directions. And the off the shelf proxies (smtp, dns, http, etc)
> don't offer much value since these applications have been tested to

With a proxy, DNS doesn't go down to the client- that's a huge win in the
anti-tunnel arena. Where I have clients who do MS Exchange internally,
the SMTP proxy keeps them from spewing SMTP from an infected client as
well...

> death or the application isn't anymore "protected". What is the
> point of recommending a solution that doesn't exist? I am a fan of
> proxies but the reality is the firewall - whether it be proxy or
> other - is only a small part of the equation.

A chance to arbitrate the conversation isn't necessarily a bad thing-
especially if you can't control the end nodes.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson
paul_at_compuwar.net
"My statements in this message are personal opinions
which may have no basis whatsoever in fact."
http://fora.compuwar.net Infosec discussion boards
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Aug 21 2006