The main issue is; are you getting the bang for the buck? if the
filtering SW can be bypassed with fairly non-techie means, then, why
consider it as an option and waste the bucks that might be better spent.
If the filter can be easily avoided, but, the FW can't, then is a two
option 'protection' scheme here of any inherent value?
Thanks,
Ron DuFresne
On Wed, 6 Jun 2001, David Ishmael wrote:
> Yeah, I've heard the same thing. From my understanding, the best solution
> is to have a firewall AND a content filtering tool. You should never use a
> content filter as a means of firewalling a network. From what I've read,
> doing a firewall/filter solution is secure (if there is such a thing). ;)
>
> David Ishmael, CCNA, IVCP
> Senior Network Management Engineer
> Windward Consulting Group, Inc.
> Phone: (703) 283-7564
> Pager: (888) 910-7094
> eFax: (425) 969-4707
> Fax: (703) 351-9428
> mailto:[EMAIL PROTECTED]
> mailto:[EMAIL PROTECTED]
>
>
>
>
>
>
> -----Original Message-----
> From: Ron DuFresne [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 06, 2001 4:26 PM
> To: David Ishmael
> Cc: [EMAIL PROTECTED]
> Subject: RE: Content Filtering
>
>
>
> Perhaps I've mised updates and such, but, I was of the understanding that
> all these sweet little content filters for the web were susecptable to url
> obfuscations that allowed one to bypass them.
>
> Thanks,
>
> Ron DuFresne
>
>
> On Wed, 6 Jun 2001, David Ishmael wrote:
>
> > Richard,
> >
> > Are you looking for a stand-alone application or a combination of
> > firewall/content filter? We ran a PIX firewall for a firewall and used (I
> > think it was called) WebTrends. The speed was in how it worked. The
> > firewall would get a packet destined for bad-site.com and would send the
> > packet on as well as a packet to WebTrends asking for the acceptance
> policy.
> > By the time the response came back from bad-site.com it had already gotten
> a
> > response from WebTrends to either permit or deny responses from that site.
> > If it was allowed the response passed through the firewall, if not the
> user
> > was sent a custom URL that said that the site was restricted. Highly
> > configurable and fast...
> >
> > I'm sure there are ton's of good stand-alone solutions out there...good
> > luck! ;)
> > David Ishmael, CCNA, IVCP
> > Senior Network Management Engineer
> > Windward Consulting Group, Inc.
> > Phone: (703) 283-7564
> > Pager: (888) 910-7094
> > eFax: (425) 969-4707
> > Fax: (703) 351-9428
> > mailto:[EMAIL PROTECTED]
> > mailto:[EMAIL PROTECTED]
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Richard Ginski
> > Sent: Wednesday, June 06, 2001 2:11 PM
> > To: [EMAIL PROTECTED]
> > Subject: Content Filtering
> >
> >
> > Hello Everyone,
> >
> > Sorry in advance for being slightly off topic.
> > We are an organization of approximately 4000 users. I have been asked to
> > find a technology which can prevent users from browsing bad sites. I am
> > somewhat familiar with content filtering products. However, my biggest
> fear
> > is latency. Can anyone recommend who I should check out regarding content
> > filtering products?
> >
> > PS: If it also prevented the execution of harmful (only harmful) JAVA
> > based and Active X based code..it would be a plus.
> >
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> ***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D. Just don't touch anything.
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
