Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Cacheflow Appliance

From: "Chris St. Clair" <chris_stclair () hotmail com>
Date: Thu, 01 Feb 2001 16:57:42 -0000
Hi folks,
Does anybody have any good or bad experiences with implementing and >managing the Cacheflow appliance. My company are considering using 

Overall, it's a pretty secure appliance. Relatively easy to setup
and maintain.
increased performance for outgoing Web based access. I have been sent >the details of a Security report carried out by Hiverworld, that >suggested you could run the Cacheflow in parallel to the your >companies enterprise Firewall. (i.e. by-passing the firewall) The report suggests that because the Cacheflow OS is propriety and >does not allow inbound connection attempts. That it will "outscore" a 

This is certainly an option; and that is definitely a benefit of the
Cacheflow; the ability to make the external interface dead to the
world. This buys you quite a bit in terms of protection from attacks
when it does sit in parallel with your perimeter firewall. However,
you would still do well to add some filtering rules on your border
router in case someone misconfigures the Cacheflow down the road
and brings that external interface up.

As for the report from Hiverworld suggesting security based on the
proprietary OS, I would take that point with a grain of salt. It may
be a proprietary OS, but at heart it's still an x86 based processor
(a well known CPU instruction set) running a modified version of squid
(original source is readily available). Both of which can be dug into by anyone with a clue, giving you much more to work with, than say, Cisco's IOS. 


I'm a bit uncomfortable with this approach, we have used  application


As long as you're a bit uncomfortable, you'll do just fine. Start
worrying when you're not uncomfortable anymore :-)

Good luck, and hope this helps.

-chris
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: