>I'd be interested to hear any comments or experiences of those of you
>who have implemented MS Proxy 2.0 as a firewall solution. The MS blurb
>claims this is a firewall, but how does this compare to a 'real'
>firewall like Eagle or FW-1? These are expensive in comparison so what
>extra would I get for the money? We are looking at putting in a firewall
>at the moment, and will have a WWW proxy behind it for caching anyway,
>but what extra will an extra device give me?
A coworker (Teresa Fishburn) and I just finished an article that was published in NT Systems magazine about the security of MSP 2.0. The basic conclusions that we came up with are:
Microsoft’s Proxy Server 2.0 is being advertised as having “firewall-class” security functionality and it does represent a significant improvement over version 1.0 in this area. In this article we looked at many of the new security features of Proxy Server 2.0 and while it has firewall-like capabilities, it still has a little maturing to do before it can be compared to today’s commercial firewall products. The main areas needing improvement are:
If Microsoft hopes to push Proxy Server 2.0 as a firewall solution, then improvements in the above are necessary. Additional firewall technologies would also have to be considered such as VPN support (other than just PPTP) and content filtering.
Proxy Server 2.0 does have many features that are perfect for small environments that want to be connected to the Internet and are not looking to offer many services to external users. Configured correctly it can be very secure and well hidden.
Out of that list my biggest complaint is the lack of transparency. Clients are either Windows-based with the MSP client software added, or SOCKS-based for UNIX hosts. I like the idea of total transparency without modification to the end systems in a firewall product.