Firewalls: Re: Proxy v. Packet Filter

Firewalls
(December 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Proxy v. Packet Filter
From:	bobk @ manzanita . DEV . 3Com . COM (Bob Konigsberg)
Date:	Thu, 21 Dec 95 12:14:20 PST
To:	Firewalls @ GreatCircle . COM, ppmorris @ syr . edu

1) Proxies can hide the internal address structure of your network.

2) Proxies can better log the nature of traffic crossing the firewall
   than packet filters

3) Packet filters are generally (A lot of people may disagree with this)
   faster than a proxy server.

4) Packet filters are generally easier to secure than a proxy server.
   (In terms of fewer vulnerabilities to be protected/removed)

None of these observations is an absolute.  It all depends on the technology
employed, and how much time and money you have available to do the job.

BobK

Indexed By Date	Previous:	Re: Firewall-1, any hints or gotcha's in it's installation?? From: Craig Anderson <craiga @ Ipsilon . COM>
Indexed By Date	Next:	Re: Session hijacking? From: Craig McLellan <mclelcl @ onto . network . com>
Indexed By Thread	Previous:	Re: Proxy v. Packet Filter From: wbunting @ ch . inri . com (Bill Bunting)
Indexed By Thread	Next:	Re: Proxy v. Packet Filter From: gary flynn <gary @ habanero . jmu . edu>