Showing posts from November, 2014

Chaining through proxies

Proxies, whilst being useless against a determined attacker, provide a generic level of security against stupid malware. An in-line IPS is able to stop known malware, leaving the proxy to provide a layer of security through obscurity: Internet access is unavailable through the default gateway. Broadly, the ones I've had to deal with fall into two different categories: (1) Forefront Threat Management Gateway, and (2) something that smells like squid. If you're up against the former, the conversation pretty much ends here: you're going to be using cntlm. Cntlm is fantastic as a link in a proxy chain, dealing with the fact that most Unix tools don't understand how to authenticate against NTLM-based stuff. Even when they're NTLM-aware, Microsoft has a habit of changing the spec without telling anyone. A particular change from ISA 2006 to Forefront TMG broke a number of open-source apps (anything libcurl-based, I'm looking at you) that were previously compatible with NTLM auth. This left me in a bit of a