Re: Masqerading vs. Applikationproxy
On 26 Sep 2001, at 23:54, Waldemar Brodkorb wrote:
> Is there an advantage to use application proxy's instead of a
> masqerading box to secure a LAN with private IP addresses from
> the dangerous internet.
There is first one big advantage, generally you get a better (application-
specific) logging from every connection. For example, if you use an smtp-proxy
instead of simple masquerading outgoing smtp, you see when which mail goes
from whom to whom and ist it accepted by the opponent mailserver or not. If
you log the masq-smtp-sessions you just see ok there was smtp-traffic to the
opponent mailserver. Same in webproxy (who requests when which URLs and was it
> When I have to allow users inside my network the use of IRC, ICQ,
> RealAudio/RealVideo or FTP (with a real FTP client), is then an
> application proxy more secure than masqerading?
I don't want to say app-proxys are generally more secure, but normaly you have
a better "feeling" and logging what is going on on this connections and with
good proxies you also have additional possibilities for restrictions at the
specific application-layer (eg. don't allow request .eml-files over the http-
BERGMANN engineering & consulting http://bec.at/
The Internet regards censorship as a hardware failure and just
works around it.
- Michael Martineau
from the May 22nd issue of Maclean's magazine article Crime in