Rich Freeman on 2 Aug 2017 11:40:00 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]

On Wed, Aug 2, 2017 at 2:08 PM, Thomas Delrue <> wrote:
> On August 2, 2017 1:42:26 PM EDT, Rich Freeman <>
> wrote:
>> So, do you whitelist every individual web server you browse?  Oh, and
>> I assume you proxy those requests to check the URLs because one of
>> those virtual hosts could be also hosting malware on some other
>> domain?
> Believe it or not but I actually do have something along those lines in
> place. It's more complex than just this but once running, it's rather nice
> (and to rsk's point, hardly any maintenance).

Do you simply not have any desktop web traffic on your network?
Whitelisting every domain you visit in a browser sounds like anything
but "hardly any maintenance."

Sure, I could see doing this on a firewall protecting a server farm
where you have no desktop traffic.  Doing it in general for outbound
desktop traffic seems like it would be an exercise in frustration for
admins and users alike.  I wouldn't want to deal with this and I'm the
only user on this network...

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --