[prev in list] [next in list] [prev in thread] [next in thread]
List: firewalls-gc
Subject: RE: Re: Virus Scanner
From: "Paul D. Robertson" <proberts () clark ! net>
Date: 1997-07-28 12:05:51
[Download RAW message or body]
On Mon, 28 Jul 1997, Russ wrote:
> As the use of encrypted channels (mail/ssl/vpn) become more prevalent,
> aren't Firewall-based virus scanners becoming less effective? Assuming
Not only virus scanners, firewalls themselves will be less effective. A
tunnel is a tunnel, encrypted or in the clear.
> that a Firewall-based virus scanner is going to protect you assumes it
> can see everything as it really appears, not always the case. Altavista
> Tunnel decapsulates beyond the Firewall, S/MIME and PGP don't make
> contents visible until read by the client, and SSL extends all the way
> to the client also. IPSEC-based tunnels would be similar.
Some SSL proxies can be set up to "Man-in-the-middle" SSL transactions
(including Netscape's), allowing you to pass the traffic through
scanners, application layer proxies, Java/ActiveX/Javascript blockers, etc.
Just like key escrow, I wouldn't want it at home, but I'd sure as heck
demand it at work.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@clark.net which may have no basis whatsoever in fact."
PSB#9280
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic