My $.02- If you trust the users on the inside AND as long as no one on the outside manages to exploit a device (which then gives them total access outbound on your network), you are fine... for my money, I like to restrict outbound as much as possible as well as inbound. That way, I know EXACTLY what is coming and going on my network. Trust no one... plus it minimizes the potential damage if an attacker exploits a machine on your internal network.
For example, an attacker exploits a box and wants to ftp in their rootkit. Well, if you allow all outbound through the PIX, this probably won't be much of a problem (setting aside issues with translations, if any). If you are restricting outbound though, this becomes a much harder issue for someone who is not very savvy (i.e. script kiddie)...

- J

----- Original Message -----
From: "d d" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, November 18, 2001 11:59 AM
Subject: If i have a PIX 525 need MS Proxy??

> Hi:
>
> I have the following configuration:
>
> <--INTERNET<--->PIX<--->MS PROXY SERVER 2.0<--> PC WITH PROXY CLIENT
>
> I use in the Proxy 2.0 Server the WinSock and Web Proxy services, and in the
> PIX I have ALL the services to the outbound (internet) open. Is this config
> right? Is it secure? Any ideas?
>
> Thanks!!
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
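An egress allowlist for the topology in the question, as an added example that is not part of the original thread. It assumes PIX OS 6.x `access-list`/`access-group` syntax; the ACL name, the proxy's inside address (192.168.1.10) and the resolver address (203.0.113.53) are placeholders. Only the proxy may open connections outbound, so an FTP transfer started from any other inside host, as in the scenario in the reply, is dropped at the PIX.

```text
: Added example, assumed PIX OS 6.x syntax. All names and addresses are placeholders.
: Without an ACL on the inside interface, the PIX permits every outbound
: connection that has a translation. This replaces that with an allowlist.

: The MS Proxy server is the only host permitted to reach the Internet,
: and only for web traffic.
access-list inside_out permit tcp host 192.168.1.10 any eq www
access-list inside_out permit tcp host 192.168.1.10 any eq 443

: Name resolution for the proxy, limited to one known resolver.
access-list inside_out permit udp host 192.168.1.10 host 203.0.113.53 eq domain

: Everything else from the inside is refused: client PCs going direct,
: and any other protocol (FTP included) from any inside host.
access-list inside_out deny ip any any

: Apply the list to traffic entering the inside interface (outbound traffic).
access-group inside_out in interface inside
```

Because the WinSock Proxy service can relay arbitrary client protocols, each additional port the proxy is permitted here widens what every proxy client can reach, so the list should grow only for services that are actually needed.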
