RE: Web logging

[Omar Salvador Alcalá Ruiz <oalcala () scitum com mx>]

Well, with a transparent proxy yo may not suffer at all. An explicit proxy
makes it hard to overcome when the proxy dies, since all your hosts are
pointing to the proxy (here the explicit name), unless you manage many
proxies by HSRP.

With a transparent one, you rely on a Layer 3 switch or a router, where you
redirect all your proxied traffic to your proxy. The client doesnt notice
that, and with a simple ACL you can redirect all the desired traffic to and
from the proxy (here the transparent name). If you have a firewall
restricting all internet access to everything but your proxy, you may want
to have an "panic" disabled rule in case an emergency occurs.

If you use solutions like Blue Coat, you may have failover. HSRP will also
do, if you don't have problems by having two or proxies instead of one.

Hope this help

OA


-----Original Message-----
From: Stephane Auger
To: security-basics () securityfocus com
Sent: 14/11/2004 09:44 a.m.
Subject: Web logging

Hey guys,

  First off I want to thank all of you for your input on my Web logging
issue, I've been looking in many different solutions since.  Now, here's
a second question that's a follow-up on the first one... a lot of you
told me to use a proxy, or proxy-like server on the network.  Only issue
is, doesn't that create a single point of failure?  If that machine
dies, nobody will be able to access the net.  How would you address this
issue?  Thanks again for your input!

Stephane Auger