Re: [fw-wiz] Recommended Open Source Proxy Firewalls



I just finished reading Marcus Ranum's very interesting paper -

http://www.ranum.com/security/computer_security/editorials/deepinspect/index
.html
- comparing "deep packet inspection firewalls" with "proxy firewalls"
and was interested in investigating open source "proxy firewalls". Do
open source proxy firewalls even exist, and if so, which would you
recommend and why? Thank you for your help.

http://www.faqs.org/docs/Linux-mini/TransparentProxy.html

This HOWTO is a great place to start. Even though it is exclusive to Squid,
you can apply the same principles to other proxies including a SOCKS proxy
to handle generic services. Of course, unlike the commercial proxy
firewalls like Raptor and Sidewinder, you will have to build your own rules
and define what behaviors are allowed or prohibited for each proxy. The up
side is that you have a lot more flexibility to control or even replace
proxies with the Linux-based solution.

Before I recommended an actual distro, project, or product, I would
recommend that you build one of your own either in a lab or at home so that
you understand how they work, what they're good at, what they suck at, etc.
Then take those lessons back to work and determine where and how using
proxies is a good fit for your organization. Truth is, Marcus makes a
compelling argument about why proxies are generally superior for security,
but that doesn't mean that the gains will outweigh the effort for you and
your organization.

PaulM

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • ~~~~~~~~~~~~~~ NEW PROXY ~~~~~~~~~~~~~~
    ... 2008 new myspace proxy ... 2009 new internet proxies ... american web proxy new list ... brand new proxy lists ...
    (sci.anthropology)
  • Re: NFS Authentication
    ... I normally use a client such as Chameleon ... >> to a separate 'PCNFS' authentication daemon which then uses the proxy ... >> but it certainly is an ordeal for me to get the proxies right these days. ... Using PCNFS means that you need a username and password to get ...
    (comp.os.vms)
  • [Full-disclosure] Insecure Defaults In PPLiveAV Client
    ... Anyone who has followed public proxy lists in the past year has noticed ... proxies from these public lists. ... and pockets of the US where Chinese is likely to be spoken. ... These proxies are built into the PPLiveAV client to retrieve an internal ...
    (Full-Disclosure)
  • Re: Are There Any Web Based Remailers Left?
    ... my method of a well-applied four-hop proxy (3 Tor ... Header stripping is not anonymity. ... And you won't find my end proxies in Tor's directories! ...
    (alt.privacy)
  • Re: S: IRC-Client mit guter Proxy-Unterstuetzung
    ... Wenn Du mit einer unsicheren Kiste im Netz bist, dann ist ein Proxy nix, ... Denn die Proxies, die es zuhauf in irgendwelchen Listen zu finden gibt ... Für IRC unbrauchbar, wie gesagt. ... Next by Date: ...
    (de.comp.os.unix.apps.misc)