Mailinglist Archive: opensuse-security (423 mails)

< Previous Next >
RE: [suse-security] AW: Squid on Firewall?
  • From: christian.burri@xxxxxxxxxx
  • Date: Tue, 27 Mar 2001 11:38:18 +0200
  • Message-id: <OF8C837933.89544376-ONC1256A1C.0034EB6D@xxxxxxxxxx>

I must agree ;-)

/v\ L I N U X
// \\ >Phear the Penguin<
/( )\

Tobias" To: SuSE <suse-security@xxxxxxx>
<Reckhard@sec cc:> Subject: RE: [suse-security] AW: Squid on Firewall?


> AFAIK you should NEVER use a
> proxy etc. on any firewall due to the buffer-
> overflow-problem. sorry...
Huh? Get real, man, with that attitude you shouldn't connect anything to an
untrusted network, as any application could be susceptible to buffer
overflows. And check out the literature on firewalls whenever you have a
of spare time, I recommend the 2nd edition of 'Building Internet Firewalls'
by Chapman, Cooper and Zwicky. Most, if not all, of the firewall people
prefer application layer gateways, aka application proxies, over packet
filters when constructing firewalls. And I'd much rather have only one
application, the proxy, to watch for a compromise than the entire number of
client applications..


To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx

< Previous Next >