
Re: Masquerading vs. Application proxy



Hi Waldemar!

On 26 Sep 2001, at 23:54, Waldemar Brodkorb wrote:

> Is there an advantage to using application proxies instead of a
> masquerading box to secure a LAN with private IP addresses from
> the dangerous internet?

First, there is one big advantage: generally you get better
(application-specific) logging of every connection. For example, if you use an
smtp-proxy instead of simply masquerading outgoing smtp, you see when which
mail goes from whom to whom and whether it is accepted by the opponent
mailserver or not. If you log the masq-smtp-sessions you just see, ok, there
was smtp-traffic to the opponent mailserver. Same with a webproxy (who
requests which URLs when, and was it successful).

> When I have to allow users inside my network the use of IRC, ICQ,
> RealAudio/RealVideo or FTP (with a real FTP client), is then an
> application proxy more secure than masquerading?

I don't want to say app-proxies are generally more secure, but normally you
have a better "feeling" and logging of what is going on on these connections,
and with good proxies you also have additional possibilities for restrictions
at the specific application layer (e.g. don't allow requests for .eml files
over the http-proxy).


bye Josef
-- 
 BERGMANN engineering & consulting  http://bec.at/

       The Internet regards censorship as a hardware failure and just
       works around it.
                                       - Michael Martineau
       from the May 22nd issue of Maclean's magazine article Crime in
       Cybercity
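
As an added illustration (not part of the original message): a Python sketch of the per-request decision and log record an HTTP proxy can produce, where a masquerading box would see only addresses and ports. The function name `decide`, the log format, the client address and the sample requests are assumptions constructed for this example.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit, unquote

# Assumed policy list, taken from the ".eml over http" restriction in the post.
BLOCKED_EXTENSIONS = (".eml",)


def decide(client_ip, request_line, now=None):
    """Return (verdict, log_line) for one proxied HTTP request line."""
    now = now or datetime.now(timezone.utc)
    parts = request_line.strip().split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        # Never echo an unparsable line into the log verbatim.
        verdict, method, url = "DENY-MALFORMED", "-", "-"
    else:
        method, url, _version = parts
        # Check the decoded, lower-cased path only, so "X.EML",
        # "x.eml?a=1" and "x%2Eeml" are all matched. A file name carried
        # in the query string is NOT inspected by this check.
        path = unquote(urlsplit(url).path).lower()
        verdict = "DENY-EXT" if path.endswith(BLOCKED_EXTENSIONS) else "ALLOW"
    log_line = (f"{now:%Y-%m-%dT%H:%M:%SZ} client={client_ip} "
                f"method={method} url={url!r} verdict={verdict}")
    return verdict, log_line


if __name__ == "__main__":
    # Constructed sample requests from one internal client.
    samples = [
        "GET http://example.org/index.html HTTP/1.0",
        "GET http://example.org/mail/readme.EML?x=1 HTTP/1.0",
        "GET http://example.org/a%2Eeml HTTP/1.0",
        "not a request",
    ]
    for line in samples:
        print(decide("192.168.1.20", line)[1])
```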


