Re: How to setup secure development environment with Internet access?

From: Alexander Muratov (alexvirtNOSPAM_at_yahoo.com)
Date: 02/10/05


Date: Thu, 10 Feb 2005 14:49:29 -0500

Most firewalls use IP addresses in rules, don't they? IMHO a proxy is better for
audit of Web traffic.

Best regards,
Alex.

<hal@nospam.com> wrote in message
news:d8cn01175v38rlf6svipiahgksd4qqdnol@4ax.com...
> On 9 Feb 2005 18:01:34 -0800, "Dana" <dyw55a@yahoo.com> wrote:
>
>>Thanks for all your replies. Now you remind me that actually a lot of
>>companies do force their machines to be proxy clients. Could you tell me
>>how large this allowed destination list could be? Or could you just
>>set up the sites that we do not allow access to?
>>The other problem is that those wanting the protection/restriction only
>>want to control the access to have better security and might not think
>>about the productivity thing. As developers, we might want to give them
>>some suggestions and work with them in order to keep internet access in
>>the development environment.
>
> You don't need to use a proxy server to do this. All firewalls
> (AFAIK) have rules lists based on source, destination, and protocol.
> Create a network group object in your firewall that includes all your
> dev group. Create a rule in your FW allowing this group to access
> msdn and nothing else. Problem solved. Management is happy, dev can
> get to msdn. If they need other sites for support access, they can
> write a justification to management, and with their permission, you
> can add any number of sites to your permitted access list. This way
> everyone gets what they want, you get your *** covered.
>
> Hal
>
>>
>>Again,
>>thanks,
>>Dana
>>
>>Roger Abell wrote:
>>> One way would be to force their machines to be proxy clients,
>>> so that all internet access must go through the proxy, such as ISA
>>> Server. There it would be possible to have an allowed destination
>>> list, i.e. msdn.microsoft.com on port tcp 80, and perhaps others.
>>> As was said, it is a matter of those wanting the protection/restriction
>>> to decide between the cost of lost productivity (including skillset
>>> evolution) vs the cost of facilitating their controlled access to dev
>>> resources.
>>>
>>> --
>>> Roger
>>> "Dana" <dyw55a@yahoo.com> wrote in message
>>> news:1107891584.850311.317260@o13g2000cwo.googlegroups.com...
>>> > Roger,
>>> > Thank you for your reply also. You are very correct and I really
>>> > worry about the productivity problem. Personally, I actually never see
>>> > any dev environment with no internet access. But do you know how the
>>> > people handle this in general?
>>> >
>>> >
>>> > thanks a lot,
>>> > Dana
>>> >
>
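
The allowed destination list described in the thread (msdn.microsoft.com on tcp 80), sketched as a hostname-based check that emits one audit record per request. This is an added example, not part of the original posts and not ISA Server configuration; the function names, client addresses and request lines are constructed for illustration.

```python
from urllib.parse import urlsplit

# Allowed destinations as (hostname, TCP port); the entry is the one named in the thread.
ALLOWED = {("msdn.microsoft.com", 80)}
DEFAULT_PORTS = {"http": 80, "https": 443}


def destination(request_line):
    """Return (host, port) from a proxy request line, or None if it cannot be parsed."""
    parts = request_line.split()
    if len(parts) != 3:
        return None
    method, target, _version = parts
    if method.upper() == "CONNECT":
        split = urlsplit("//" + target)  # CONNECT carries "host:port"
        default = None
    else:
        split = urlsplit(target)         # proxies receive an absolute URI
        default = DEFAULT_PORTS.get(split.scheme.lower())
    try:
        port = split.port or default
    except ValueError:                   # non-numeric or out-of-range port
        return None
    # urlsplit lowercases the hostname; drop a trailing root dot as well
    host = (split.hostname or "").rstrip(".")
    if not host or port is None:
        return None
    return host, port


def audit(client_ip, request_line):
    """Decide one request and return the audit record a reviewer would read."""
    dest = destination(request_line)
    allowed = dest in ALLOWED            # exact match, so lookalike suffixes fail
    host, port = dest if dest else ("-", 0)
    return {"client": client_ip, "host": host, "port": port,
            "decision": "ALLOW" if allowed else "DENY"}


SAMPLE = [  # constructed request lines using documentation addresses
    ("192.0.2.10", "GET http://msdn.microsoft.com/library/ HTTP/1.1"),
    ("192.0.2.10", "GET http://MSDN.Microsoft.com.:80/ HTTP/1.1"),
    ("192.0.2.11", "CONNECT msdn.microsoft.com:443 HTTP/1.1"),
    ("192.0.2.12", "GET http://msdn.microsoft.com.example.net/ HTTP/1.1"),
    ("192.0.2.12", "GET /no-absolute-uri HTTP/1.1"),
]


def run(sample=SAMPLE):
    return [audit(client, line) for client, line in sample]
```

Each record carries the requested hostname, which is what makes the proxy log readable for audit; a rule keyed on IP addresses would record only the resolved address.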

