|Lee H. Marzke on 2 Aug 2017 12:30:19 -0700|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]|
On Wed, Aug 2, 2017 at 2:08 PM, Thomas Delrue <email@example.com> wrote:
> On August 2, 2017 1:42:26 PM EDT, Rich Freeman <firstname.lastname@example.org>
>> So, do you whitelist every individual web server you browse? Oh, and
>> I assume you proxy those requests to check the URLs because one of
>> those virtual hosts could be also hosting malware on some other
> Believe it or not but I actually do have something along those lines in
> place. It's more complex than just this but once running, it's rather nice
> (and to rsk's point, hardly any maintenance).
Do you simply not have any desktop web traffic on your network?
Whitelisting every domain you visit in a browser sounds like anything
but "hardly any maintenance."
Sure, I could see doing this on a firewall protecting a server farm
where you have no desktop traffic. Doing it in general for outbound
desktop traffic seems like it would be an exercise in frustration for
admins and users alike. I wouldn't want to deal with this and I'm the
only user on this network...
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug