Great Circle Associates Firewalls
(July 1996)
 


Subject: Re: Sidewinder Versus EagleRaptor
From: Frederick M Avolio <avolio @ tis . com>
Date: Tue, 30 Jul 96 09:38:08 -0400
To: Dale Lancaster <dlancaster @ raptor . com>, Bill Stout <bill . stout @ hidata . com>
Cc: Firewalls @ GreatCircle . COM

At 10:18 AM 7/29/96 -0500, Dale Lancaster wrote:
>Sounds like a duplicate to our GSP. ...
>
>>>Our GSP would handle these.  Not sure what a new proxy would do to secure
>>>them any further.
>>
>>A proxy would allow one to make outgoing connections to remote printers (vs.
>>faxing) or in from the internet for remote users to connect to the mail
>>server.
>>
>O.K., our GSP handles this, I'm not sure why a specific proxy is required.

Specific proxies are application gateways.  Generic proxies are not. They
are less granular, and so allow for less control by the firewall
administrators. Application specific proxies should always -- according to
our philosophy -- be used rather than generic proxies. Control at the
application level -- at the data level -- is more granular and, so, can
provide more control.

A generic proxy, such as the "plug gateway" in the Gauntlet firewall or the
authenticated circuit gateway, is better than a direct IP connection
controllable by a filter (dynamic, full-of-state, or otherwise), but not as
good as an application gateway. That is why we discourage the use of the
plug-gw as a proxy to handle "everything else." A generic TCP proxy is a
circuit gateway, wouldn't you say? (And a generic UDP gateway is just scary.)

Fred

---
NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE
We've moved to bigger digs...
My new direct phone number is 301-947-7101.
New address is TIS, 15204 Omega Drive, Rockville, MD 20850.
Fax is still f 301-527-0482.
Also, anyone I told to change my address to avolio @ trusted . com, change it
back to avolio @ tis . com . A short, but uninteresting story that will cost
you lunch or a beer. It is not worth the price of either to hear... :-)
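
The contrast drawn in the message above, as an added example that is not part of the original post and is not Gauntlet or Raptor code: a generic (plug) proxy decides once on the connection tuple, while an application gateway also rules on each SMTP command. The rule set, host names, command allowlist and sample session are constructed assumptions.

```python
# Added illustration: circuit-level vs application-level policy decisions.
# All names, rules and sample traffic below are constructed for this example.
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    src: str
    dst: str
    dport: int

# Circuit (generic/plug) rule set: (source prefix, destination, port)
PLUG_RULES = {("10.1.", "mailhub", 25)}

def plug_allows(conn):
    """Generic proxy: decides once, at connect time, on the tuple only."""
    return any(conn.src.startswith(p) and conn.dst == d and conn.dport == port
               for p, d, port in PLUG_RULES)

# Application gateway policy for SMTP (hypothetical allowlist).
SMTP_ALLOWED = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}
MAX_LINE = 512  # SMTP command line limit, including CRLF (RFC 821)

def smtp_gateway(conn, lines):
    """Application proxy: same connect check, then a verdict per command."""
    if not plug_allows(conn):
        return [("<connect>", "deny")]
    verdicts, in_data = [], False
    for raw in lines:
        if in_data:                      # message body: skip until lone "."
            if raw == ".":
                in_data = False
            continue
        verb = raw.split(" ", 1)[0].upper()
        if len(raw) + 2 > MAX_LINE:
            verdicts.append((verb[:8], "deny: line too long"))
        elif verb not in SMTP_ALLOWED:
            verdicts.append((verb, "deny: command not permitted"))
        else:
            verdicts.append((verb, "allow"))
            in_data = verb == "DATA"
    return verdicts

# Constructed session: the tuple is permitted, some commands are not.
SESSION = ["HELO client.example", "VRFY root", "DEBUG",
           "MAIL FROM:<a@client.example>", "RCPT TO:<b@example.org>",
           "DATA", "VRFY inside body is just text", ".", "QUIT"]
```

The plug rule passes the whole session because the tuple matches; the per-command verdicts are the extra control that only the application gateway can express.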

