Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

RE: on-the-fly-analysis vs. proxy rewrites
From: "Behm, Jeffrey L." <BehmJL () bvsg com>
Date: Wed, 8 Feb 2006 17:38:35 -0600

On Wednesday, February 08, 2006 1:27 AM, Darren Reed so wrote:

On Tuesday, February 07, 2006 12:50 PM, Dave Piscitello so spake:

An interesting exercise for this list - possibly a new thread? - is 
"what security policies are best enforced by implementing
analysis" versus "what security policies are best enforced by proxy 

How is one different to the other ?

How is a proxy not doing something "on the fly" ?

My sometimes jaded view is that the proxy rewrites the traffic to
conform to whatever the proxy writer wrote. Hopefully, that matches up
with some standard protocol to _provide_ the security. I.E. You get the
security from the proxy writer having rewritten your traffic. It's doing
*something,* true, but it's not "checking" anything. It's just not
re-writing any *bad* stuff.
firewall-wizards mailing list
firewall-wizards () honor icsalabs com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]