
Re: Masquerading vs. Application Proxy

On Wed, Sep 26, 2001 at 11:54:23PM +0200, Waldemar Brodkorb wrote:
> Is there an advantage to using application proxies instead of a
> masquerading box to secure a LAN with private IP addresses from
> the dangerous internet?

Yes, masquerading had problems with "complex" protocols like FTP and IRC
DCC. Using an application layer proxy for that stuff will increase the
security of the gateway.

In addition to that, an application layer proxy can add additional value to your
gateway, by offering content screening (malware protection), filtering (spam
buster), caching and access control based on out of band authentication.

Typically you will at least run an HTTP cache/proxy.

> When I have to allow users inside my network the use of IRC, ICQ,
> RealAudio/RealVideo or FTP (with a real FTP client), is then an
> application proxy more secure than masquerading?

At least for FTP I would ask you to either use an HTTP proxy or a real FTP
application level gateway. Otherwise with masquerading I would suggest you
only use passive FTP.

  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
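
Why active FTP is a "complex" protocol for a masquerading box, as an added example that is not part of the original post: the client's PORT command carries its own address and port inside the control channel, so the gateway has to parse it at the application layer. The function names, verdict strings, sanity checks (address must match the client, port at least 1024) and sample lines are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: the "private IP addresses" behind the masquerading box
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_port_arg(arg):
    """Parse the h1,h2,h3,h4,p1,p2 argument of an FTP PORT command (RFC 959).

    Returns (IPv4Address, port), or None if the argument is malformed.
    """
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isdecimal() and int(p) <= 255 for p in parts):
        return None
    nums = [int(p) for p in parts]
    return ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]


def check_control_line(line, client_ip):
    """Verdict a gateway would reach for one client control-channel line.

    "pass"    - nothing address-dependent (e.g. PASV: the client opens the
                data connection itself, which plain masquerading handles)
    "rewrite" - PORT names the client's private address; the server cannot
                connect back unless the gateway rewrites it and forwards
    "reject"  - malformed PORT, third-party address or privileged port
    """
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        return "pass"
    parsed = parse_port_arg(arg)
    if parsed is None:
        return "reject"
    addr, port = parsed
    if addr != ipaddress.IPv4Address(client_ip) or port < 1024:
        return "reject"
    return "rewrite" if any(addr in net for net in RFC1918) else "pass"


if __name__ == "__main__":
    # Constructed control-channel lines from a client at 192.168.1.10
    for sample in ("PASV", "PORT 192,168,1,10,19,137", "PORT 10,0,0,5,19,137"):
        print(sample, "->", check_control_line(sample, "192.168.1.10"))
```
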
