On Fri, Mar 28, 2008 at 01:12:44PM +0000, mbm wrote:
On Fri, 28 Mar 2008 13:05:01 +0000 Chris G cl@isbd.net allegedly wrote:
On Fri, Mar 28, 2008 at 12:55:27PM +0000, mbm wrote:
This leaves the proxy or firewall as the place to enforce the deny policy on the client(s) in question.
... but surely (at least on a small setup) it's *far* easier to do the settings all in one place (the router) rather than configuring each PC.
I'm thinking here of a small LAN (like a small office or SoHo LAN) where users may well have full (i.e. admin) access to their own PCs. The 'secure' place to configure their access to the outside world is on the firewall (be it a router or separate box) between them and the outside world.
Ummm - that's what I said.
... and it's what I thought I originally said too! :-)
The router denys all oubound access except from one point - the proxy.
None of the places I know about have a proxy as such. It's surely not normal to have one on a small home/SoHo LAN, you just tell all systems (probably automatically) what their default route is and that's it.
We don't have one at work either.