Firewall Wizards mailing list archives
Re: Cacheflow Appliance
From: "Chris St. Clair" <chris_stclair () hotmail com>
Date: Thu, 01 Feb 2001 16:57:42 -0000
Hi folks,Does anybody have any good or bad experiences with implementing and >managing the Cacheflow appliance. My company are considering using
Overall, it's a pretty secure appliance. Relatively easy to setup and maintain.
increased performance for outgoing Web based access. I have been sent >the details of a Security report carried out by Hiverworld, that >suggested you could run the Cacheflow in parallel to the your >companies enterprise Firewall. (i.e. by-passing the firewall) The report suggests that because the Cacheflow OS is propriety and >does not allow inbound connection attempts. That it will "outscore" a
This is certainly an option; and that is definitely a benefit of the Cacheflow; the ability to make the external interface dead to the world. This buys you quite a bit in terms of protection from attacks when it does sit in parallel with your perimeter firewall. However, you would still do well to add some filtering rules on your border router in case someone misconfigures the Cacheflow down the road and brings that external interface up. As for the report from Hiverworld suggesting security based on the proprietary OS, I would take that point with a grain of salt. It may be a proprietary OS, but at heart it's still an x86 based processor (a well known CPU instruction set) running a modified version of squid(original source is readily available). Both of which can be dug into by anyone with a clue, giving you much more to work with, than say, Cisco's IOS.
I'm a bit uncomfortable with this approach, we have used application
As long as you're a bit uncomfortable, you'll do just fine. Start worrying when you're not uncomfortable anymore :-) Good luck, and hope this helps. -chris _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Cacheflow Appliance Chris St. Clair (Feb 01)
- Re: Cacheflow Appliance Kaptain (Feb 01)
- <Possible follow-ups>
- Re: Cacheflow Appliance Chris St. Clair (Feb 01)
- Re: Cacheflow Appliance Kaptain (Feb 01)