Kurt Seifried wrote:
http://www.acm.uiuc.edu/workshops/security/firewall.html, as I understand it, recommends using a proxy firewall.
Proxy firewall at what level? Technically, NAT (IPMASQ) is a circuit-level proxy. "Advantages" of a proxy such as squid (www/ftp) are that you can log access easily and block, say, *.doubleclick.net. OTOH, the added software adds security risks.
Thanks Kurt, I understand added software means added risk. I have reread the SuSE manual for 7.0, and on page 490 it states as follows:

"Packet filters are network layer firewalls. They make fundamental decisions on the basis of source addresses, target addresses and ports in specific IP packets. A simple router or the SuSE Packet Filter Firewall are traditional network layer firewalls. Since they are not intelligent enough to determine what significance the contents of an IP packet have and where it really originates from, they do not offer sufficient protection against attacks. Modern network layer firewalls (for example, SINUS Firewall I for Linux, http://www.sinus-firewall.org) are more highly developed, and gather internal information on the status of connections which run via them, the contents of data streams, etc. Application layer firewalls (e.g. TIS Firewall Toolkit) on the other hand, are usually computers on which proxy servers run and which carefully protocol and examine the data traffic running over them. Since the proxy servers are programs which run on the firewall, they are ideally suited for protocol and access protection mechanisms."

Based on this statement I will go ahead and consider the Openwall security patch and use of the Sinus firewall. Hope I do not start crying out for help soon :-)

--
Togan Muftuoglu
toganm@turk.net
100% MS FREE
Absolutely no component of Microsoft was used in the generation or posting of this e-mail. So it is virus free