Great Circle Associates Firewalls
(March 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: virus scanning for Internet
From: peter @ nmti . com (Peter da Silva)
Date: Wed, 20 Mar 1996 19:32:16 -0600 (CST)
To: scott @ di2 . disclosure . com (Scott Barman)
Cc: firewalls @ GreatCircle . COM
In-reply-to: <Pine . SUN . 3 . 91 . 960320143718 . 28595B-100000 @ di2> from "Scott Barman" at Mar 20, 96 03:44:48 pm 
> (gee... how many people are going to flame me this time!  :-)

Not me.

> This being said, I was wondering if anyone else got the impression that
> people are trying to make firewalls do more than they really should?

Yes, but... if you have a caching proxy in the DMZ it's effectively
part of the firewall (scenario: it gets hacked and someone starts
tracking your web accesses and feeding you disinformation), no?

I would recommend putting the HTTP cache inside, as just another internal
service. I'm running the CERN server behind the firewall as both a cache
and our internal web server. That way it's not exposed, and doesn't have
to be treated as a component of the security perimeter.
References:
Indexed By Date Previous: Re: PKUNZIP TROJAN
From: peter @ nmti . com (Peter da Silva)
Next: Re: PKUNZIP TROJAN
From: Xavier <xavier @ locke . ccil . org>
Indexed By Thread Previous: Re: virus scanning for Internet
From: Scott Barman <scott @ di2 . disclosure . com>
Next: Re: virus scanning for Internet
From: Grant . Goodman @ sunalliance . com
Google
 
Search Internet Search www.greatcircle.com