Re: [fw-wiz] proxies for personal firewalls

From: Magosányi Árpád (mag_at_bunuel.tii.matav.hu)
Date: 03/19/04

  • Next message: Jeff Adam: "[fw-wiz] Linux ARPD -- neighbor table overflow" 
    To: "Paul D. Robertson" <paul@compuwar.net>
Date: Thu, 18 Mar 2004 23:51:48 +0000

    A levelezőm azt hiszi, hogy Paul D. Robertson a következőeket írta:
    > From a protection standpoint, it makes more sense to install better
    > applications locally.
    []
    > It's possible that you could gain application protection, especially if
    > you can add per-protocol filtering to the proxy- but the maintenance
    > headache of keeping that updated is probably no worse than that of
    > maintaining the applications directly.

    The main point of firewalling is there _are_ braindead and/or
    badly operated programs out there which need to be protected.
    With a personal firewall you won't have benefits in the
    badly operated case as you have pointed out.

    But for the braindead case it can help.

    And there is another case: in a multilevel host you can use
    application level proxies as a guard, taking apart multilevel
    channels into multiple single level channels and redirecting
    them to the correct place in-house.
    A real-world example can be a one-ip multiple-virtualhost
    http proxy which redirects the traffic to one of the multiple
    web servers each sitting in its chrooted sandbox.
    This case may not actually counts as a personal firewall,
    working out cases which do is left as an exercise for
    the reader, based on their definition of "personal". 

    -- 
GNU GPL: csak tiszta forrásból
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
  • Next message: Jeff Adam: "[fw-wiz] Linux ARPD -- neighbor table overflow"

    Relevant Pages

    • Re: Personal Firewalls
      ... automatically report abuse to ISP's and to the DShield.org web site. ... BlackICE PC Protection ... malicious activity in both applications and Internet protocols. ... Freedom Personal Firewall ...
      (Security-Basics)
    • Re: H.D. content visible on web
      ... or you have a proxy which strips it out. ... I think that BlackIce is of limited utility; ... I believe gives me more protection than an IDS. ... of a personal firewall to be snake oil. ...
      (comp.security.firewalls)
    • Re: Virus shuts down.
      ... | I'm not trying to run multiple AV's, I just want my real time protection ... All of the scanners are "On Demand". ... By using the multiple versions it may just find what is the root of the ... to the anti virus software having signatures for it. ...
      (microsoft.public.windowsxp.general)
    • Re: Virus shuts down.
      ... | I'm not trying to run multiple AV's, I just want my real time protection to ... By using the multiple versions it may just find what is the root of the problem. ... to the anti virus software having signatures for it. ...
      (microsoft.public.windowsxp.general)
    • Re: Why do I need a software firewall?
      ... > seeking protection when they are also able to manage that personal ... If a "Personal Firewall" is used as an IDS from people who know what ... this has nothing to do with security, ... >> This is just nonsense. ...
      (comp.security.misc)