Security Basics mailing list archives
Re: Protocol enforement
From: private private <securecure () gmail com>
Date: Tue, 10 Mar 2009 23:53:29 +0200
sometimes legitimate devices incorrectly configured can cause protocol violations by sending for instance a doubled up soap envelope in the http body. identify the node(s) sending the traffic and the software creating the requests then run something like fiddler or webscarab on the host to identify what is wrong with the traffic. correct the problem and then you don't have reduce security On 3/10/09, Javier Reyna <jreyna () onlinet com mx> wrote:
So? What is mos important for you? Security or Availability? On Fri, Mar 06, 2009 at 05:42:27PM -0000, myauthoritah () gmail com wrote:I have an environment where Checkpoint Smart Defense is causing problems with SSL web traffic. The specific SSL traffic does not appear to be RFC compliant (big surprise). Protocol enforcement of 443 is problem. How much risk would I be accepting by shutting down the protocol enforcement on the Checkpoint. Googling did very little to help. Security is getting in the way of availability. VR, Slinger-- Saludos! ________________ Javier Reyna CCSE WCSE ISS-CS NSP JNCIA-FWV Consultor en Seguridad jreyna () onlinet com mx www.onlinet.com.mx ,,__ o" )~ ''''
-- Sent from my mobile device
Current thread:
- Protocol enforement myauthoritah (Mar 06)
- Re: Protocol enforement Vivek P (Mar 09)
- RE: Protocol enforcement Steve Armstrong (Mar 09)
- Re: Protocol enforement Javier Reyna (Mar 10)
- Re: Protocol enforement private private (Mar 11)