Re: Masqerading vs. Applikationproxy

To: debian-firewall@lists.debian.org
Subject: Re: Masqerading vs. Applikationproxy
From: Bernd Eckenfels <lists@lina.inka.de>
Date: Fri, 28 Sep 2001 06:49:53 +0200
Message-id: <20010928064953.A6793@lina.inka.de>
In-reply-to: <20010926235422.L762@thinknow.de>
References: <20010926235422.L762@thinknow.de>

On Wed, Sep 26, 2001 at 11:54:23PM +0200, Waldemar Brodkorb wrote:
> Is there an advantage to use application proxy's instead of a
> masqerading box to secure a LAN with private IP addresses from
> the dangerous internet.

Yes, Masquerading had Problems with "complex" protocols like FTP and IRC
DCC. Using an aplication layer proxy for that stuff will increase the
security of the gateway.

In addition to that an application layer proxy can additional value to your
gateway, by offering content screening (malware protection), filtering (spam
buster), caching and access control based on out of band authentication.

Typically you will at least run a HTTP Cache/Proxy.

> When I have to allow users inside my network the use of IRC, ICQ, 
> RealAudio/RealVideo or FTP (with a real FTP client), is then an 
> application proxy more secure than masqerading?

At last for FTP I would ask you to eighter use a HTTP Proxy or a real FTP
Application level gateway. Otherwise with masquerading I would suggest you
only use passive FTP.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

Reply to:

References:
- Masqerading vs. Applikationproxy
  - From: Waldemar Brodkorb <waldemar@thinknow.de>

Prev by Date: Re: Virus Checking on Firewall
Next by Date: 2.2.19 ipmaqs and private lans
Previous by thread: Re: Masqerading vs. Applikationproxy
Next by thread: cannot ftp files to a host behind firewall
Index(es):
- Date
- Thread