Easy to use firewall and invisible proxy?

Lisa Kachold lisakachold at obnosis.com
Tue Sep 23 06:53:15 MST 2008


OpenDNS is the best tool!  Especially combined with a pix and firewall.

You are filtering content for internal to outbound addresses, so the configuration for this, when properly set up AND TESTED, takes care of security issues.

As with any DNS server, you will be protecting binary systems, either via chrooted bind, or a combination of chrooted bind and a PAE kernel, AppArmor, or SELinux.  Of course simple items like turning off kernel TCP forwarding, checking Bind cache, and DNS forwarders, while also watching TTL, in conjunction with a tested PIX and hammered down listen addresses, you will offset the risks.

OpenDNS is not prey to DNS rebinding attacks, DNS cache poisoning, or Dan Kaminsky's DefCon 16 examples (like AT&T and Cox).

Reference:  http://blog.opendns.com/category/security/


(503)754-4452 Blackberry || Obnosis.com



> Date: Mon, 22 Sep 2008 22:54:30 -0700
> From: bfrancom at gmail.com
> To: plug-discuss at lists.plug.phoenix.az.us
> Subject: Re: Easy to use firewall and invisible proxy?
> 
> I've been looking at OpenDNS for content filtering, but am leery
> because of the privacy issues.
> http://www.opendns.com/smb/solutions/filtering/
> 
> On Mon, Sep 22, 2008 at 10:48 PM, Alan Dayley <alandd at consultpros.com> wrote:
> > Recommendations sought: Easy to use firewall and invisible proxy.
> >
> > I have friends and family that want a firewall and invisible proxy
> > with content filtering as a gateway on their Internet connection.  I
> > know some of the usual suspects like IPCop[1] with Copfilter[2].
> > Dan's Guardian[3] is also nice for content filtering but does not
> > always behave well with Copfilter.
> >
> > So, rather than continue my late night search, I thought I'd ask here
> > about possible solutions.  There must be some out there already, such
> > as those used in schools and the like.  Does anyone have some
> > recommendations?
> >
> > Alan
> >
> > [1]http://www.ipcop.org
> > [2]http://www.copfilter.org
> > [3]http://dansguardian.org
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
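
An added example, not part of the original message or of any project named in the thread: a small audit of a local BIND forwarder against the measures listed in the reply above (forwarders, listen addresses, kernel forwarding). It assumes OpenDNS's public resolver addresses as the intended forwarders, reads "kernel TCP forwarding" as `net.ipv4.ip_forward` on a DNS host that is not itself the router, and adds a `forward only` check that the message does not mention; the sample configs are constructed.

```python
import re

# Assumption: OpenDNS's public resolver addresses are the intended forwarders.
OPENDNS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample configs, not taken from the thread.
WEAK = """options {
    listen-on { any; };
    forwarders { 208.67.222.222; 192.0.2.53; };
};"""
HARDENED = """options {
    listen-on { 127.0.0.1; 192.168.1.1; };  // internal interface only
    forward only;
    forwarders { 208.67.222.222; 208.67.220.220; };
};"""

def _addrs(conf, name):
    """Addresses inside a `name { a; b; };` statement, or None if absent."""
    m = re.search(r"\b%s\s*(?:port\s+\d+\s*)?\{([^}]*)\}" % re.escape(name), conf)
    return [a.strip() for a in m.group(1).split(";") if a.strip()] if m else None

def audit(named_conf, ip_forward):
    """Return findings for a named.conf text and the ip_forward sysctl value."""
    # Strip //, # and /* */ comments so they cannot hide or fake a setting.
    conf = re.sub(r"(//|#)[^\n]*|/\*.*?\*/", "", named_conf, flags=re.S)
    findings = []
    fwd = _addrs(conf, "forwarders")
    if not fwd:
        findings.append("no forwarders: queries bypass OpenDNS filtering")
    elif set(fwd) - OPENDNS:
        extra = sorted(set(fwd) - OPENDNS)
        findings.append("unexpected forwarder: " + ", ".join(extra))
    if not re.search(r"\bforward\s+only\s*;", conf):
        findings.append("'forward only' missing: named may query root servers")
    listen = _addrs(conf, "listen-on")
    if listen is None or "any" in listen:
        findings.append("listen-on not pinned to an internal address")
    if ip_forward.strip() != "0":
        findings.append("net.ipv4.ip_forward is enabled on the DNS host")
    return findings

if __name__ == "__main__":
    for label, conf, fwd in (("weak", WEAK, "1"), ("hardened", HARDENED, "0")):
        print(label, audit(conf, fwd) or "ok")
```

On a live host the two inputs would come from the contents of `named.conf` and of `/proc/sys/net/ipv4/ip_forward`.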

