On Wed, 11 Feb 2004 [EMAIL PROTECTED] wrote: > What can you do against someone plugging into your intranet > a preconfigured laptop which will NOT ask novell about anything > before going direct?
Inverse firewalling, making sure direct connections to the Internet is not allowed. > > - authentication does not work with transparent proxy, we are currently > > not using it, but will in the future > > Wow. I'm not familiar with this stuff... To use proxy authenticaiton you must be using a client configured to use the proxy. Proxy authentication gives much stronger audit trails than any firewall logs, as the proxy logs will contain detailed information about who in person went where when, not just a mix of ipaddresses and ports. Btw, the logging capabilities of iptables truly sucks in comparisation with a Squid proxy. Basically non-existant. Regards Henrik
