[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] How to block MSN using SuSEfirewall2?



On Friday 20 February 2004 09:23, Ray Leach wrote:

> So, are you saying that squid can proxy any protocol?

No, I'm saying because MSN Chat is able to work via a proxy AFAIK, security 
wise it is probably a better solution than using masquerading of the internal 
network and firewalling the ports in question.

Since there is a Squid proxy on the network already, this will provide far 
better granularity for whom and when to block access and will provide much 
better access (proxy authentication comes to mind) and logging facilities 
than you'll ever get with a masquerading/firewall based approach. Therefor I 
think it is a better solution to block access on the proxy.

One may need to block other ports/hosts than I mentioned previously, but this 
can be done fairly easily once you have gathered a few days worth of proxy 
access logfiles and know which ports and hosts the girl in question needs for 
chatting.

Best regards,
Arjen

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here