Re: [fw-wiz] on-the-fly-analysis vs. proxy rewrites
- From: Darren Reed <darrenr@xxxxxxxxxxxxxxxxx>
- Date: Sat, 11 Feb 2006 01:55:13 +1100 (EST)
On Wednesday, February 08, 2006 1:27 AM, Darren Reed so wrote:
"on-the-flyOn Tuesday, February 07, 2006 12:50 PM, Dave Piscitello so spake:
An interesting exercise for this list - possibly a new thread? - is
"what security policies are best enforced by implementing
analysis" versus "what security policies are best enforced by proxy
rewrites".
How is one different to the other ?
How is a proxy not doing something "on the fly" ?
My sometimes jaded view is that the proxy rewrites the traffic to
conform to whatever the proxy writer wrote. Hopefully, that matches up
with some standard protocol to _provide_ the security. I.E. You get the
security from the proxy writer having rewritten your traffic. It's doing
*something,* true, but it's not "checking" anything. It's just not
re-writing any *bad* stuff.
That is still "on the fly". The original question (however flawed it
was), wanted to compare "on the fly" vs proxy. I'd assert that in
nearly all cases, except for SMTP, the proxy IS "on the fly".
Darren
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- References:
- RE: [fw-wiz] on-the-fly-analysis vs. proxy rewrites
- From: Behm, Jeffrey L.
- RE: [fw-wiz] on-the-fly-analysis vs. proxy rewrites
- Prev by Date: Re: [fw-wiz] on-the-fly-analysis vs. proxy rewrites
- Next by Date: RE: [fw-wiz] on-the-fly-analysis vs. proxy rewrites
- Previous by thread: RE: [fw-wiz] on-the-fly-analysis vs. proxy rewrites
- Next by thread: RE: [fw-wiz] on-the-fly-analysis vs. proxy rewrites
- Index(es):
Relevant Pages
|
|
