On Friday 20 February 2004 09:23, Ray Leach wrote:
So, are you saying that squid can proxy any protocol?
No, I'm saying because MSN Chat is able to work via a proxy AFAIK, security wise it is probably a better solution than using masquerading of the internal network and firewalling the ports in question. Since there is a Squid proxy on the network already, this will provide far better granularity for whom and when to block access and will provide much better access (proxy authentication comes to mind) and logging facilities than you'll ever get with a masquerading/firewall based approach. Therefor I think it is a better solution to block access on the proxy. One may need to block other ports/hosts than I mentioned previously, but this can be done fairly easily once you have gathered a few days worth of proxy access logfiles and know which ports and hosts the girl in question needs for chatting. Best regards, Arjen