| Rich Freeman on 2 Aug 2017 11:40:00 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices] |
On Wed, Aug 2, 2017 at 2:08 PM, Thomas Delrue <delrue.thomas@gmail.com> wrote: > On August 2, 2017 1:42:26 PM EDT, Rich Freeman <r-plug@thefreemanclan.net> > wrote: >> >> >> So, do you whitelist every individual web server you browse? Oh, and >> I assume you proxy those requests to check the URLs because one of >> those virtual hosts could be also hosting malware on some other >> domain? >> > > Believe it or not but I actually do have something along those lines in > place. It's more complex than just this but once running, it's rather nice > (and to rsk's point, hardly any maintenance). Do you simply not have any desktop web traffic on your network? Whitelisting every domain you visit in a browser sounds like anything but "hardly any maintenance." Sure, I could see doing this on a firewall protecting a server farm where you have no desktop traffic. Doing it in general for outbound desktop traffic seems like it would be an exercise in frustration for admins and users alike. I wouldn't want to deal with this and I'm the only user on this network... -- Rich ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug