*BSD News Article 70589


Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!spool.mu.edu!sol.ctr.columbia.edu!news.uoregon.edu!newsxfer2.itd.umich.edu!tank.news.pipex.net!pipex!oleane!jussieu.fr!math.ohio-state.edu!magnus.acs.ohio-state.edu!lerc.nasa.gov!purdue!haven.umd.edu!hecate.umd.edu!umbi.umd.edu!maxwell
From: Andy Maxwell <maxwell@umbi.umd.edu>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Security of Proxy on FreeBSD?
Date: Mon, 10 Jun 1996 15:34:13 -0400
Organization: University of Maryland, College Park
Lines: 40
Message-ID: <Pine.SGI.3.91.960610152717.12574A-100000@umbi.umd.edu>
References: <199606071519.AA08078@metronet.com>
NNTP-Posting-Host: umbi.umd.edu
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <199606071519.AA08078@metronet.com>

The feedback I've gotten has said that it should be quite secure.   By 
disabling all services except one that is designed to be of limited 
utility (the Proxy) there aren't too many openings available for attack.

I got a few comments saying that the limitations of application-level 
were too great.  They cited slow performance, inconvenient (requiring 
password), and inflexibility (only can use specific versions of 
software).  The proxy is usable and gets pretty good performance, and I'd 
rather have something too secure and unfriendly than a breakin.  ;^)

Andy Maxwell-

On Fri, 7 Jun 1996, Phil Gilley wrote:

> Have you had any feedback on this?  I was thinking about implementing a
> very similar setup except using socks instead of Netscape's proxy (which
> I'm not familiar with).  Also, how are you handling mail?
> 
> Phil Gilley
> pgilley@metronet.com
> 
> In article <4p04t0$gsp@cville-srv.wam.umd.edu> you write:
> >Hi there,
> >
> >I'm running a FreeBSD machine as a dual-homed host on both the public 
> >'net and a private 10.x.x.x intranet.  Everything is commented out of the 
> >inetd.conf (I mean _everything_), and I'm running Netscape's Proxy on the 
> >box.
> >
> >I'm using this application level gateway for my users to get onto the net 
> >safely while making my boss happy ("How do I know these people aren't 
> >wasting time looking at Playnerd?").
> >
> >How safe is this setup?  I'd think that with all services removed, it 
> >would be pretty tight.  The big risk, of course, is Netscape's proxy...  
> >
> >Thanks in advance,
> >
> >Andy Maxwell-
>