On Fri, 28 Mar 2008 13:05:01 +0000 Chris G cl@isbd.net allegedly wrote:
On Fri, Mar 28, 2008 at 12:55:27PM +0000, mbm wrote:
This leaves the proxy or firewall as the place to enforce the deny policy on the client(s) in question.
... but surely (at least on a small setup) it's *far* easier to do the settings all in one place (the router) rather than configuring each PC.
I'm thinking here of a small LAN (like a small office or SoHo LAN) where users may well have full (i.e. admin) access to their own PCs. The 'secure' place to configure their access to the outside world is on the firewall (be it a router or separate box) between them and the outside world.
Ummm - that's what I said.
The router denys all oubound access except from one point - the proxy.
Mick ---------------------------------------------------------------------
This is a Microsoft free zone. Please do not send me Microsoft Word Documents. For some reasons, see:
http://www.gnu.org/philosophy/no-word-attachments.html http://www.goldmark.org/netrants/no-word/attach.html ---------------------------------------------------------------------