hey tobias,

yes, you are right! getting compromised by a client application isn't good indeed...;-) but that wasn't my hint about this topic. my idea is to separate your system into two: first you have a hardened firewall-system without any program running on it. second there is a proxy-server behind the wall with "your" application proxies. and that's all...;-)

greets, daniel

"Reckhard, Tobias" wrote:
AFAIK you should NEVER use a proxy etc. on any firewall due to the buffer-overflow-problem. sorry...
Huh? Get real, man, with that attitude you shouldn't connect anything to an untrusted network, as any application could be susceptible to buffer overflows. And check out the literature on firewalls whenever you have a bit of spare time, I recommend the 2nd edition of 'Building Internet Firewalls' by Chapman, Cooper and Zwicky. Most, if not all, of the firewall people prefer application layer gateways, aka application proxies, over packet filters when constructing firewalls. And I'd much rather have only one application, the proxy, to watch for a compromise than the entire number of client applications..
Cheers, Tobias
--
Daniel Quappe
Tuesday, 27 March 2001
System administrator
E-Mail: quappe@erster.de
Phone +49 (0)202 252 15 99
Fax +49 (0)202 52 20 99
Didn't take a look at http://www.erster.de yet ?!