Re: [fw-wiz] on-the-fly-analysis vs. proxy rewrites



On Wednesday, February 08, 2006 1:27 AM, Darren Reed so wrote:

On Tuesday, February 07, 2006 12:50 PM, Dave Piscitello so spake:

An interesting exercise for this list - possibly a new thread? - is
"what security policies are best enforced by implementing
"on-the-fly
analysis" versus "what security policies are best enforced by proxy
rewrites".

How is one different to the other ?

How is a proxy not doing something "on the fly" ?

My sometimes jaded view is that the proxy rewrites the traffic to
conform to whatever the proxy writer wrote. Hopefully, that matches up
with some standard protocol to _provide_ the security. I.E. You get the
security from the proxy writer having rewritten your traffic. It's doing
*something,* true, but it's not "checking" anything. It's just not
re-writing any *bad* stuff.

That is still "on the fly". The original question (however flawed it
was), wanted to compare "on the fly" vs proxy. I'd assert that in
nearly all cases, except for SMTP, the proxy IS "on the fly".

Darren
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: get ip
    ... |> 1) You didn't read my posts because I never mentioned security. ... | scans all-be-it if the access is through a proxy then there is no ... it goes to the local intranet server for that location. ... for future verification. ...
    (microsoft.public.scripting.jscript)
  • Re: Thousands of 537 Events in Security Log
    ... I managed to get the Messaging Security Agent to install by not installing ... I have configured proxy settings for both Update and Tracking and Web ... An error occurred during logon ...
    (microsoft.public.windows.server.sbs)
  • Re: Comodo blocking port forwarding
    ... on port 80 via a proxy, and the proxy does both DNS forwarding and HTTP proxying. ... Would you persuade people not to use AV? ... That is, if they really decide to use a virus scanner, I'd persuade them to not rely on it as a security measure, since most of them do. ... And now a wrong analogy between the analogue and the digital world, as well as a wrong analogy between biological diseases and computer security problems. ...
    (comp.security.firewalls)
  • Re: RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )
    ... The proxy servers have inbound/outbound filter settings dictiated by ... > IT Security, applied by server admins. ... > traffic and port/protocol filters set to back up the proxys filters. ...
    (Firewall-Wizards)
  • Stunnel Problems
    ... I am having a problem with Stunnel whilst attempting to do a reverse ... ssl Proxy. ... (both on linux and windows) ... IT Security Consultant, UK ...
    (Pen-Test)