[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    MS Proxy as a firewall?]
From:       Jeff Simms <jsimms () auracom ! com>
Date:       1997-01-30 13:33:02
[Download RAW message or body]

Mike Blaser wrote:

Some bright spark within the organisation has suggested using MS Proxy
Server as the company's firewall solution.  I've tried to locate
information as to why this is not such a great idea but articles
specifically regarding this product do not appear to be readily
available
(the article in Tempest was useful in this respect but that was about
it).  We know all the obvious points like the fact that it's not running
on a hardened OS and its poor reporting capabilities but trying to
explain these points to a non-security oriented management section is
difficult.  Can anyone else think of objections to using MS Proxy in
this
manner (sooner rather than later.  I have to lay down the law this
afternoon, so to speak).

-----------------------------------------------------------------------

MS Proxy Server is just what it says, a proxy server.  Firewalls come in
3 types: packet filters, circuit-level gateways and application
gateways.  If all you want to do is filter packets then MS Proxy Server
is great.  If you want to totally protect your network the use of the
last two gateways is essential.  Then there also is the fact that
running a firewall on NT may not be the best way to go.  If its money
your concerned about, then by all means put a proxy/firewall server on
NT, but if its network security your concerned about, buy a hardened OS
firewall ... Ill never understand why ppl try to secure a network by
putting a firewall on top of NT, which has its own share of bugs, which
menas that the firewall not only has to fight off unwanted traffic but
fight the NT kernel.  With a hardened OS, the kernel is the firewall,
and all uneeded code is removed to better protect the firewall.  


Jeff Simms
Network Services Manager
auracom Internet Services

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic