Security Basics mailing list archives
RE: Proxy & Firewall Implementation
From: "Conlan Adams" <conlan () mebtc org>
Date: Thu, 13 Jan 2005 13:56:45 -0500
If they want to implement a proxy server, with the intent of keeping an eye on or restricting traffic, what works well is to put it on the main network behind the firewall, and allow only port 80 and 443 traffic to go through the firewall from that machine. That way, if anyone tries to remove the proxy settings, they can't get out.

Another suggestion on the firewall front: check out the WatchGuard products. If it's a decent-size network (50-100 users or more), they are a very nice option.

The reason some folks put all of their externally available servers outside the network in a DMZ is to protect the rest of the network in case something gets compromised. There are good and bad things to that. Another option is to put a mail relay in the DMZ, do the spam and virus sifting on that machine, then have it forward into the internal network for speed of access.

Good luck
Conlan Adams

-----Original Message-----
From: John [mailto:naverxp () yahoo com sg]
Sent: Wednesday, January 12, 2005 8:04 PM
To: security-basics () securityfocus com
Subject: Proxy & Firewall Implementation

Hi

I'm a fresh graduate in the System Administrator field. Recently, with much luck, I was recommended to a company to implement a firewall system for their network infrastructure.

I hope to pick up some experience from this forum as to how people here might consider different circumstances when placing their proxy server inside a protected network (behind the firewall) or before the firewall. Would I need two firewalls? (I'm considering the Cisco FW and the CyberGuard FW.)

During my research, I found documentation written by a blackhat who suggested allocating most of my services (httpd, mail, etc.) to a DMZ outside the internal network and making redundancies every night.

My 2nd question: why did he suggest that? Why expose my services outside the network, where my information is live and exposed to the risk of being compromised?

John
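
The egress rule described in the reply above (only the proxy host may send port 80 and 443 traffic through the firewall), worked through as an added example that is not part of the original thread. The addresses and flows are constructed and the function names are hypothetical; it evaluates outbound flows against that policy and lists hosts that tried to reach the web directly instead of through the proxy.

```python
import ipaddress

# Assumed addressing, constructed for this example (not from the thread).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")
PROXY_HOST = ipaddress.ip_address("10.0.0.10")
WEB_PORTS = {80, 443}

# Constructed outbound connection attempts as seen at the firewall:
# (source IP, destination IP, protocol, destination port)
SAMPLE_FLOWS = [
    ("10.0.0.10", "203.0.113.5", "tcp", 443),   # proxy fetching HTTPS
    ("10.0.0.10", "203.0.113.5", "tcp", 80),    # proxy fetching HTTP
    ("10.0.0.42", "203.0.113.5", "tcp", 80),    # client with proxy settings removed
    ("10.0.0.42", "198.51.100.7", "tcp", 443),  # same client, HTTPS
    ("10.0.0.10", "198.51.100.9", "tcp", 25),   # proxy host, but not a web port
    ("10.0.0.77", "198.51.100.9", "tcp", 22),   # client, non-web traffic
]

def egress_verdict(src, dst, proto, dport):
    """Return 'ALLOW' or 'DENY' for a flow leaving the internal network."""
    src_ip = ipaddress.ip_address(src)
    if src_ip not in INTERNAL_NET:
        return "DENY"  # this policy only covers internal sources
    if src_ip == PROXY_HOST and proto == "tcp" and dport in WEB_PORTS:
        return "ALLOW"  # the single permitted path out
    return "DENY"  # default deny: everything else stays inside

def bypass_attempts(flows):
    """Count denied direct web connections per non-proxy host."""
    hits = {}
    for src, dst, proto, dport in flows:
        direct_web = proto == "tcp" and dport in WEB_PORTS
        if (direct_web and ipaddress.ip_address(src) != PROXY_HOST
                and egress_verdict(src, dst, proto, dport) == "DENY"):
            hits[src] = hits.get(src, 0) + 1
    return hits

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(egress_verdict(*flow), flow)
    print("direct web attempts:", bypass_attempts(SAMPLE_FLOWS))
```

Denied web flows from non-proxy hosts are worth logging at the firewall, since they show which machines have lost or removed their proxy settings.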