RE: suggestions for proxy server to run on w2003 box..

From: Gillo, Wayne (wayne.gillo_at_dc3.mil)
Date: 01/10/05

  • Next message: Tiroa Yann: "RE: Anti-spyware Beta from Microsoft available"
    Date: Mon, 10 Jan 2005 06:59:53 -0500
    To: "Murad Talukdar" <talukdar_m@subway.com>, <focus-ms@securityfocus.com>
    
    

    Murad,

    Sorry that it wasn't clear. What I meant was that if you hack SQUID to
    work with IE (non-RFC compliant browser), then other RFC compliant
    browsers such as Firefox and Mozilla will go slow through SQUID.
    However, IE will perform quickly with SQUID when these have been
    applied. Basically, to make one thing work, you have to break another,
    but if you are using IE6 only, the other browsers wouldn't matter.

    You may try running an "unhacked" SQUID box and setting your IE6 under
    Tools/Options/Advanced to "Use HTTP 1.1 through proxy connections."
    This setting is under "HTTP 1.1." It is supposed to make IE6 RFC
    compliant, but I have had mixed results using it.

    Hope this helps,
    Wayne

    -----Original Message-----
    From: Murad Talukdar [mailto:talukdar_m@subway.com]
    Sent: Sunday, January 09, 2005 8:41 PM
    To: Gillo, Wayne; focus-ms@securityfocus.com
    Subject: RE: suggestions for proxy server to run on w2003 box..

    Unfortunately we have to use IE6 as we have citrix apps which will not
    run
    under mozilla etc.

    I might be a bit dense here but you said:

    >> but since IE is not RFC compliant, it runs
    slow using SQUID. There are hacks that you can do to make it perform
    better, but then RFC compliant browsers run slowly...

    So are you saying that both RFC compliant and NON-RFC compliant browsers
    run
    slow using Squid?
    Thanks for the suggestions though--I'd heard a few good things about
    wingate
    and as we probably won't get past 50 in the office ever I may check it
    out.

    Murad
    -----Original Message-----
    From: Gillo, Wayne [mailto:wayne.gillo@dc3.mil]
    Sent: Saturday, January 08, 2005 5:42 AM
    To: Murad Talukdar; focus-ms@securityfocus.com
    Subject: RE: suggestions for proxy server to run on w2003 box..

    Murad,

    It depends on what browser you are planning to use. SQUID is an
    excellent and free solution, but since IE is not RFC compliant, it runs
    slow using SQUID. There are hacks that you can do to make it perform
    better, but then RFC compliant browsers run slowly...

    If you are entirely in a Microsoft environment, ISA works fine, but does
    cost a bit ($1500 for ISA plus Windows to run it on). It will at least
    work efficiently with IE as well as other browsers.

    Wingate <http://www.wingate.com/product-wingate.php> is also an
    excellent solution to look into. It's good for smaller environments and
    you can download a trial version (30 days) to see if it fits your needs.
    If you have a low count of users, it is more cost effective than ISA,
    but can quickly escalate to be more expensive in a larger environment.

    You could also look into an appliance with a built-in firewall/proxy
    server such as the Borderware Firewall Server
    <http://www.borderware.com/products/bfs/>. I have no idea what they
    cost, but they have received the Common Criteria EAL4+ Certification.
    Here's their spiel:

    The First Certified Secure Firewall
    For more than ten years, the BorderWare Firewall Server has secured
    thousands of organizations around the globe. A Certified Secure
    solution, the BorderWare Firewall Server was the first firewall to
    achieve Common Criteria EAL 4+ certification. It is designed to secure
    your company from network level threats and attacks that come from the
    internet.

    Powerful & Flexible Control
    Based on S-Core(tm) OS, a hardened operating system, the Firewall Server
    secures your organization with hybrid proxy technology, offering
    powerful and flexible control over all inbound and outbound network
    traffic.

    Easy To Use
    The BorderWare Firewall Server is easy to use, and has built-in logic to
    protect organizations against mis-configuration - a common source of
    security vulnerabilities. At the same time, the Firewall Server provides
    maximum flexibility for the most stringent requirements.

    Regards,
    Wayne

    -----Original Message-----
    From: Murad Talukdar [mailto:talukdar_m@subway.com]
    Sent: Thursday, January 06, 2005 10:22 PM
    To: focus-ms@securityfocus.com
    Subject: suggestions for proxy server to run on w2003 box..

    Hi, I was hoping I could get some suggestions as to what kind of proxy
    server would be best to use to control access (as well as be used as
    proxy
    server) for sharing a 2Mb connection. We have a LAN with 30-40 users and
    need to control 10-15 of them to the point of only allowing certain
    sites.

    I was thinking of loading it onto a W2003 box.

    I was thinking ISA but not sure if I can convince bean counters of the
    benefit.

    Thanks

    Kind Regards
    Murad Talukdar

    ------------------------------------------------------------------------

    ---
    ------------------------------------------------------------------------
    ---
    **********************************************************************
    This email and any files transmitted with it are confidential and
    intended solely for the use of the individual or entity to whom they
    are addressed. If you have received this email in error please notify
    the system manager.
    This footnote also confirms that this email message has been swept by
    MIMEsweeper for the presence of computer viruses.
    www.mimesweeper.com
    **********************************************************************
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Tiroa Yann: "RE: Anti-spyware Beta from Microsoft available"