Having watched closely the conversations of the past few days, concerning
how to handle certain protocols, and debating the relative merits (or lack
thereof) of application proxies .vs. 'stateful' filters, I'd like to poll
the assembly and ask:
Which (commonly deployed) protocols would you consider to be 'low risk', and
potentially adequately served via a stateful packet filter?
Conversely, as I assume it to be an easier question to answer (but maybe
not...), which handful of protocols (barring those which you should *never*
contemplate passing to the Internet) are better served by application
proxies, and what specific benefit is gained from doing so?
I'm looking for Real World examples/experiences supporting or trashing
either type rather than theory and conjecture, as we (my group) have plenty
of that at present ... (8{>
Has anyone (who'd care to admit it) constructed a system with stateful
filters as a first line of defense, sending the Bad Protocols(tm) through a
proxy via CVP or 'next proxy'? If so, care to elaborate?
_______________________________
Gary W. Parker Sr.
Xerox Corporation
XIM/TSI/TS&A
161 Chestnut St.
Rochester, NY 14604
Email: [EMAIL PROTECTED]
_______________________________
Gary W. Parker (E-mail).vcf
