[134966] in North American Network Operators' Group
Re: Is NAT can provide some kind of protection?
daemon@ATHENA.MIT.EDU (Jack Bates)
Thu Jan 13 12:08:00 2011
Date: Thu, 13 Jan 2011 11:07:08 -0600
From: Jack Bates <jbates@brightok.net>
To: "nanog@nanog.orglist" <nanog@nanog.org>
In-Reply-To: <25C8C42F-7545-484B-BA79-E788915BAD33@arbor.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 1/13/2011 10:54 AM, Dobbins, Roland wrote:
>
> Not in front of servers, they shouldn't - because they have a negative security value in that context.
>
I agree. Any content checks and reporting should be handled by the
server and not a firewall proxy which might have it's own security
vulnerabilities (just as likely as the server app having them).
That being said, a proxy setup is definitely not unheard of for web
servers, though generally not for security purposes as much as content
distribution purposes.
Jack
