mailing list archives
RE: on-the-fly-analysis vs. proxy rewrites
From: "Behm, Jeffrey L." <BehmJL () bvsg com>
Date: Wed, 8 Feb 2006 17:38:35 -0600
On Wednesday, February 08, 2006 1:27 AM, Darren Reed so wrote:
On Tuesday, February 07, 2006 12:50 PM, Dave Piscitello so spake:
An interesting exercise for this list - possibly a new thread? - is
"what security policies are best enforced by implementing
analysis" versus "what security policies are best enforced by proxy
How is one different to the other ?
How is a proxy not doing something "on the fly" ?
My sometimes jaded view is that the proxy rewrites the traffic to
conform to whatever the proxy writer wrote. Hopefully, that matches up
with some standard protocol to _provide_ the security. I.E. You get the
security from the proxy writer having rewritten your traffic. It's doing
*something,* true, but it's not "checking" anything. It's just not
re-writing any *bad* stuff.
firewall-wizards mailing list
firewall-wizards () honor icsalabs com