Mailinglist Archive: opensuse-security (457 mails)

< Previous Next >
Re: [suse-security] How to block MSN using SuSEfirewall2?
  • From: Arjen de Korte <suse-security@xxxxxxxxxxxx>
  • Date: Fri, 20 Feb 2004 16:25:14 +0100
  • Message-id: <200402201625.14844.suse-security@xxxxxxxxxxxx>
On Friday 20 February 2004 09:23, Ray Leach wrote:

> So, are you saying that squid can proxy any protocol?

No, I'm saying because MSN Chat is able to work via a proxy AFAIK, security
wise it is probably a better solution than using masquerading of the internal
network and firewalling the ports in question.

Since there is a Squid proxy on the network already, this will provide far
better granularity for whom and when to block access and will provide much
better access (proxy authentication comes to mind) and logging facilities
than you'll ever get with a masquerading/firewall based approach. Therefor I
think it is a better solution to block access on the proxy.

One may need to block other ports/hosts than I mentioned previously, but this
can be done fairly easily once you have gathered a few days worth of proxy
access logfiles and know which ports and hosts the girl in question needs for
chatting.

Best regards,
Arjen

< Previous Next >
Follow Ups