| Lee H. Marzke on 2 Aug 2017 12:30:19 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices] |
On Wed, Aug 2, 2017 at 2:08 PM, Thomas Delrue <delrue.thomas@gmail.com> wrote:
> On August 2, 2017 1:42:26 PM EDT, Rich Freeman <r-plug@thefreemanclan.net>
> wrote:
>>
>>
>> So, do you whitelist every individual web server you browse? Oh, and
>> I assume you proxy those requests to check the URLs because one of
>> those virtual hosts could be also hosting malware on some other
>> domain?
>>
>
> Believe it or not but I actually do have something along those lines in
> place. It's more complex than just this but once running, it's rather nice
> (and to rsk's point, hardly any maintenance).
Do you simply not have any desktop web traffic on your network?
Whitelisting every domain you visit in a browser sounds like anything
but "hardly any maintenance."
Sure, I could see doing this on a firewall protecting a server farm
where you have no desktop traffic. Doing it in general for outbound
desktop traffic seems like it would be an exercise in frustration for
admins and users alike. I wouldn't want to deal with this and I'm the
only user on this network...
--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug