Many thanks to all who responded. What a great list!
Original post:
> Could someone reference a good clear simple distinction
> between firewall and proxy server?
Responses:
From: Richard Sharpe <sharpe_at_ns.aus.com>
Subject: Re: firewall vs. proxy server
Try:
http://www.ncsa.com/services/consortia/firewalls/fwpg.htm
Since a firewall might contain a proxy server as well as packet filtering
functions, it seems to me that a proxy server is a subset/sub-component of
a firewall.
From: "Christopher L. Davis" <cld_at_prin.edu>
Proxy server - An application proxy device. It sits between clients out on
the net and your server. When you ftp (for instance) the proxy server acts
like your server to the client, and brokers the requests to the real
server, all the while looking for suspicious behaviour. Some proxy servers
might include the other functions of a firewall, it just depends on the
vendor.
Firewall - A good firewall will combine a number of technologies. It will
absolutely have an application proxy. It should also have packet
filtering, circuit gateways, network address translation, and a host of
other features coming out such as virus protection, java applet screening,
etc. It is a combination of technologies (at least a good one is!).
from : Kurt A. Schumacher
A proxy server (or any proxy style firewall!!!) can usually alow traffic on
special ports.
A firewall (e.g. FireWall-1) can control any IP based communication, based
on surce address, destination address, port and so on. It is basically
independant of the layer above transport.
From: Gyula Szokoly <szgyula_at_tarkus.pha.jhu.edu>
Using proxy servers is one approach to firewalls. In this model, you
have one machine which is reachable from the otside (traffic to others
is filtered out by the routers) directly. The communication between
the inside and the outside is happening through proxy servers. Sometimes
the proxy server machine has two network cards, one to the inside, one
to the outside. In this case it is acting as a very inteligent router
which routes protocols (and even checks the protocols for hostile content).
This is the most secure approach to firewalls, but the most inconvinient
for the users as only protocols that you support will be available to them.
Received on Sat Apr 18 1998 - 17:11:58 NZST