[Gllug] Linux Firewall
Doug Winter
doug at pigeonhold.com
Wed Jul 20 08:54:47 UTC 2005
Paul Kathro wrote:
> I'm about to start a project which needs a cheap but effective firewall. I
> have been reading conflicting reports regarding application proxy firewalls
> and was was hoping to hear some of your opinions on the subject.
Depends on what you are trying to protect against. I don't think
there's any doubt that application level (proxy) firewalls are the most
secure when properly implemented, but it's another layer of stuff that
can break.
A decent stateful filter provides sufficient security for most people,
but if you are expecting a higher frequency of attacks, or more skilled
attackers, then you might want to consider a proxy. In that case you
would want to run filters on the main server as well of course, since
your proxy box is at least partially sacrificial.
There are other reasons you might choose to run a proxy of course, such
as caching acceleration, but that wasn't in your question :)
Cheers,
Doug.
--
6973E2CF: 2C95 66AD 1596 37D2 41FC 609F 76C0 A4EC 6973 E2CF
http://adju.st/
Paul was right
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list