[prev in list] [next in list] [prev in thread] [next in thread]
List: firewalls-gc
Subject: Re: [NTSEC] ActiveX, MSIE and Quicken
From: Adam Shostack <adam () homeport ! org>
Date: 1997-02-10 18:28:58
[Download RAW message or body]
Can you enforce a policy at the desktop with the preponderance of
'Click here to download the latest...' links everywhere? Not without
tools on the firewall to enforce policy. What you really want is a
http proxy that sends a policy url/statement (like Netscape's autoproxy,
but for security policies) with each request, and a browser that
accepts and obeys policies from the firewall.
Adam
Starkweather, Mike wrote:
| Using the firewall to filter ActiveX and Java is like throwing out the
| baby with the bath water. This sounds more like a macro virus than a
| Internet exploit. Wouldn't it be better to treat it at the desktop
| instead of the firewall?
|
| Mike Starkweather
|
| ----------
| From: Jerry Mendes[SMTP:mendes@garnet.berkeley.edu]
| Sent: Saturday, February 08, 1997 5:05 AM
| To: Russ
| Cc: firewalls@GreatCircle.COM
| Subject: RE: [NTSEC] ActiveX, MSIE and Quicken
|
| Presumably, one answer is for the firewall companies to write
| additional
| application layer filters for port 80, looking for ActiveX or Java
| downloads. This would make configuration of the firewall a bit more
| complex. Don't know if any of 'em are considering this yet. Anyone
| have
| any scoop on this?
|
| Jerry Mendes, Principal Consultant
| DataComm Insights
| 150 Seminary Drive
| Mill Valley, California 94941
|
| Voice: 415-381-5500
| FAX: 415-381-5502
| Email: mendes@garnet.berkeley.edu
|
| At 11:40 PM 2/1/97 -0500, Russ wrote:
| >To try and keep this on a Firewalls vein. The tunneling of anything
| over
| >HTTP is, in my opinion, the crappy technology. That goes for Java
| >applets or certificate authentication for that matter. I don't like
| the
| >idea of combining diverse tasks within a single channel if its
| possible
| >to avoid it, and it is possible, so the only reason its not being
| done
| >is to USURP FIREWALLS.
| _______________________________________________________________________
| _____
| _______
| Jerry Mendes, Principal Consultant Voice: (415)
| 381-5500
| DataComm Insights FAX: (415)
| 381-5502
| 150 Seminary Drive Email:
| mendes@garnet.berkeley.edu
| Mill Valley, California 94941
|
|
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic