> -----Original Message-----
> From: Joe Cooper [mailto:joe@swelltech.com]
> As you
> may know, though, many folks mistakenly believe that sending
> everything
> through a 'proxy' (no matter what kind of proxy) is somehow
> inherently
> more secure than a correctly firewalled and segmented
> network...
Given the quality of apps that I see on a day to day basis, and a definition of firewall that limits the changes to layer3, maybe 4, then I'm willing to argue this one anytime.
The security point of a proxy is that it can
A) Remove/prevent known compromises of applications
B) Enforce the rules of the protocol
Both of which can greatly aid security. For example: squid can filter nimda attacks before they get near IIS servers (in acceleration mode).
Rob
Received on Wed Feb 27 2002 - 05:57:08 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:33 MST