Yeah, I've heard the same thing. From my understanding, the best solution is to have a firewall AND a content filtering tool. You should never use a content filter as a means of firewalling a network. From what I've read, doing a firewall/filter solution is secure (if there is such a thing). ;) David Ishmael, CCNA, IVCP Senior Network Management Engineer Windward Consulting Group, Inc. Phone: (703) 283-7564 Pager: (888) 910-7094 eFax: (425) 969-4707 Fax: (703) 351-9428 mailto:dishmael@windwardcg.com mailto:9107094@skytel.com -----Original Message----- From: Ron DuFresne [mailto:dufresne@winternet.com] Sent: Wednesday, June 06, 2001 4:26 PM To: David Ishmael Cc: firewalls@Lists.GNAC.NET Subject: RE: Content Filtering Perhaps I've mised updates and such, but, I was of the understanding that all these sweet little content filters for the web were susecptable to url obfuscations that allowed one to bypass them. Thanks, Ron DuFresne On Wed, 6 Jun 2001, David Ishmael wrote: > Richard, > > Are you looking for a stand-alone application or a combination of > firewall/content filter? We ran a PIX firewall for a firewall and used (I > think it was called) WebTrends. The speed was in how it worked. The > firewall would get a packet destined for bad-site.com and would send the > packet on as well as a packet to WebTrends asking for the acceptance policy. > By the time the response came back from bad-site.com it had already gotten a > response from WebTrends to either permit or deny responses from that site. > If it was allowed the response passed through the firewall, if not the user > was sent a custom URL that said that the site was restricted. Highly > configurable and fast... > > I'm sure there are ton's of good stand-alone solutions out there...good > luck! ;) > David Ishmael, CCNA, IVCP > Senior Network Management Engineer > Windward Consulting Group, Inc. > Phone: (703) 283-7564 > Pager: (888) 910-7094 > eFax: (425) 969-4707 > Fax: (703) 351-9428 > mailto:dishmael@windwardcg.com > mailto:9107094@skytel.com > > > > > > -----Original Message----- > From: firewalls-owner@Lists.GNAC.NET > [mailto:firewalls-owner@Lists.GNAC.NET]On Behalf Of Richard Ginski > Sent: Wednesday, June 06, 2001 2:11 PM > To: firewalls@Lists.GNAC.NET > Subject: Content Filtering > > > Hello Everyone, > > Sorry in advance for being slightly off topic. > We are an organization of approximately 4000 users. I have been asked to > find a technology which can prevent users from browsing bad sites. I am > somewhat familiar with content filtering products. However, my biggest fear > is latency. Can anyone recommend who I should check out regarding content > filtering products? > > PS: If it also prevented the execution of harmful (only harmful) JAVA > based and Active X based code..it would be a plus. > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. - [To unsubscribe, send mail to majordomo@lists.gnac.net with "unsubscribe firewalls" in the body of the message.]