Rich Freeman on 2 Aug 2017 11:40:00 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]


On Wed, Aug 2, 2017 at 2:08 PM, Thomas Delrue <delrue.thomas@gmail.com> wrote:
> On August 2, 2017 1:42:26 PM EDT, Rich Freeman <r-plug@thefreemanclan.net>
> wrote:
>>
>>
>> So, do you whitelist every individual web server you browse?  Oh, and
>> I assume you proxy those requests to check the URLs because one of
>> those virtual hosts could be also hosting malware on some other
>> domain?
>>
>
> Believe it or not but I actually do have something along those lines in
> place. It's more complex than just this but once running, it's rather nice
> (and to rsk's point, hardly any maintenance).

Do you simply not have any desktop web traffic on your network?
Whitelisting every domain you visit in a browser sounds like anything
but "hardly any maintenance."

Sure, I could see doing this on a firewall protecting a server farm
where you have no desktop traffic.  Doing it in general for outbound
desktop traffic seems like it would be an exercise in frustration for
admins and users alike.  I wouldn't want to deal with this and I'm the
only user on this network...

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug