
List:       firewalls-gc
Subject:    Re: [NTSEC] ActiveX, MSIE and Quicken
From:       Mike Shaver <shaver () neon ! ingenia ! ca>
Date:       1997-02-02 14:52:29

Thus spake Todd Graham Lewis:
> On Fri, 31 Jan 1997, Russ wrote:
> 
> > So yes, plug it up today, that's what I recommend anyway, but what we
> > really need are new/improved desktop security products, not more filters
> > for Firewalls.
> 
> Not to be contentious or anything, but what we _need_ are designers who
> put different technologies on different port numbers rather than cramming
> everything under the sun down port 80.

Pardon the arrogance, but what we _need_ are firewall
designers/implementors/administrators/advocates who have outgrown the
bogus `port = protocol' bit.  Ports have meaning only for connection
management.  The use of `well-known-ports' is a convenience (snicker)
at best, designed to allow people to synchronize their /etc/services
files in lieu of a decent service-location directory or whatever.

Assuming that port 80 means HTTP is only marginally more clueful than
assuming that ports below 1024 are from root and so it's all Really OK
To Trust Them.

(Similarly for assuming that HTTP means HTML and images.)

If you want to filter an application protocol, you need an
application-protocol-level filter.

> Geez, at age 21 I really am too young to get an ulcer.

Not by a fair shot, gramps. =)

Mike

--
#> Mike Shaver (shaver@ingenia.com) Ingenia Communications Corporation 
#>                   Welcome to the technocracy.
#>                                                                     
#> "Nobody ever went broke underestimating the public's intelligence."
#>                    - cbird@chat.carleton.ca
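An added example, not part of the message above or of any firewall product: a minimal application-protocol-level check that judges a connection by its bytes rather than its port number, and does not assume that HTTP means HTML and images. The allowed content types, function names and sample payloads are constructed for illustration.

```python
import re

# Constructed policy: the only content types this filter lets through.
ALLOWED_TYPES = {"text/html", "image/gif", "image/jpeg"}
REQUEST_LINE = re.compile(rb"(GET|HEAD|POST) \S+ HTTP/1\.[01]")
STATUS_LINE = re.compile(rb"HTTP/1\.[01] \d{3}( .*)?")

def _head(payload):
    """Return (first_line, headers) for a complete header block, else None."""
    head, sep, _ = payload.partition(b"\r\n\r\n")
    if not sep:
        return None                      # no end of headers seen
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            return None                  # malformed header line
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def check_request(payload):
    """Verdict for client-to-server bytes; the port is never consulted."""
    parsed = _head(payload)
    if parsed is None or not REQUEST_LINE.fullmatch(parsed[0]):
        return "deny: not an HTTP request"
    return "allow"

def check_response(payload):
    """Verdict for server-to-client bytes: must be HTTP and an allowed type."""
    parsed = _head(payload)
    if parsed is None or not STATUS_LINE.fullmatch(parsed[0]):
        return "deny: not an HTTP response"
    raw = parsed[1].get(b"content-type", b"")
    ctype = raw.split(b";")[0].strip().lower().decode("latin-1")
    if ctype not in ALLOWED_TYPES:
        return "deny: content type %r not allowed" % ctype
    return "allow"

if __name__ == "__main__":
    # Constructed samples: (port, checker, payload). The port is printed only.
    samples = [
        (80, check_request, b"SSH-2.0-example\r\n"),
        (8081, check_request, b"GET /index.html HTTP/1.0\r\n\r\n"),
        (80, check_response,
         b"HTTP/1.0 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"),
    ]
    for port, check, payload in samples:
        print(port, check(payload))
```
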
