Firewalls (February 1998)
>I'd be interested to hear any comments or experiences of those of you
>who have implemented MS Proxy 2.0 as a firewall solution. The MS blurb
>claims this is a firewall, but how does this compare to a 'real'
>firewall like Eagle or FW-1. These are expensive in comparison so what
>extra would I get for the money? We are looking at putting in a firewall
>at the moment, and will have a WWW proxy behind it for caching anyway,
>but what extra will an extra device give me.

Myself and a coworker (Teresa Fishburn) just finished an article that was
published in NT Systems magazine about the security of MSP 2.0. The basic
conclusions that we came up with are:
<quote>
Conclusions
Microsoft’s Proxy Server 2.0 is being advertised as having “firewall-class” security functionality and it does represent a significant improvement over version 1.0 in this area. In this article we looked at many of the new security features of Proxy Server 2.0 and while it has firewall-like capabilities, it still has a little maturing to do before it can be compared to today’s commercial firewall products. The main areas needing improvement are:
If Microsoft hopes to push Proxy Server 2.0 as a firewall solution, then improvements in the above are necessary. Additional firewall technologies would also have to be considered such as VPN support (other than just PPTP) and content filtering.
Proxy Server 2.0 does have many features that are perfect for small environments that want to be connected to the Internet and are not looking to offer many services to external users. Configured correctly it can be very secure and well hidden.
<end quote>
Out of that list my biggest complaint is the lack of transparency. Clients
are either Windows-based with the MSP client software added, or SOCKS-based
for UNIX hosts. I like the idea of total transparency without modification
to the end systems in a firewall product.
--
chris