At Digital, we don't use filtering routers, but rather a system
with the screen daemon running. While the router solution seems
to be nearly as configurable, we believe we get more logging of
information and have more options than a router does.
We use proxy ftp and telnet, which are configurable to allow ftp
in only one direction or both (all configurable based on IP address
and so on) and no special software is needed on the client
machines -- it's all handled on the application server. Also,
the software is written to allow for authentication if
desired (for example with Digital Pathways encryption cards,
etc.).
This is all explained in detail in the documents Marcus pointed
to.
F