Dear all,
Thanks for all the suggestions and explanations. The main core reason for
asking for the recommendations was, that I was not really sure about the
critical balance between security and usability. Everybody know about the
MS-Proxy and its vulnerabilities and its openness to attacks. We bought the
PIX just to secure our network from all those unknown vulnerabilities, I
personally thought PIX box would be a nice buy. since it is less prone and
has some built-in functionality to prevent such vulnerabilities. The
question which I face now is production change without interrupting the
business, and change of activities to our end-user, meaning to say the
end-users should not feel that something has changed. Moreover the
integration of the PIX with the current NT security model, the URL filtering
option, and various DNS records modifications made me think to keep the
proxy in its place and add the PIX as the first line of defense.
Internet-----------Router-----------PIX---------------MSPROXY---------LAN
A simple question which always comes to my mind concerning security is that,
if the internet users have sessions to our MSproxy server and internal
network, Isn't our internal network still vulnerable to those attacks which
were their prior putting the PIX. We have enabled Winsock apps on the proxy,
and lot of apps are been used by our LAN users. Was that PIX, worth a buy.
etc etc.
Still not sure how the final design will look like. Just putting more time
and research onto it.
Thanks and Regards,
Shaikh Raees
[GroupStudy.com removed an attachment of type image/jpeg which had a name of
Glacier Bkgrd.jpg]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=11651&t=11651
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
