[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    RE: Re: Virus Scanner
From:       Paul Ferguson <pferguso () cisco ! com>
Date:       1997-07-28 11:39:37
[Download RAW message or body]

Good point.  :-)

And not to mention traditional IP GRE and IP-in-IP tunnels (DVMRP).

- paul

At 11:04 AM 07/28/97 -0400, Russ wrote:

>As the use of encrypted channels (mail/ssl/vpn) become more prevalent,
>aren't Firewall-based virus scanners becoming less effective? Assuming
>that a Firewall-based virus scanner is going to protect you assumes it
>can see everything as it really appears, not always the case. Altavista
>Tunnel decapsulates beyond the Firewall, S/MIME and PGP don't make
>contents visible until read by the client, and SSL extends all the way
>to the client also. IPSEC-based tunnels would be similar.
>
>Cheers,
>Russ
>R.C. Consulting, Inc. - NT/Internet Security
>owner of the NTBugTraq mailing list:
>http://ntbugtraq.rc.on.ca/index.html
>


--
Paul Ferguson                                           ||        ||
Consulting Engineering                                  ||        ||
Herndon, Virginia   USA                                ||||      ||||
tel: +1.703.397.5938                               ..:||||||:..:||||||:..
e-mail: pferguso@cisco.com                         c i s c o S y s t e m s

[prev in list] [next in list] [prev in thread] [next in thread]