Re: How to bypass firewalls

[pasquale imperato <slashbackpt () gmail com>]

David, I understand your point of view, but Raja didn't do anything illegal :)

Raja, this is an interesting "how to" about it:
http://www.buzzsurf.com/surfatwork/

Of course, as David said, I would not do it if you care about your work eheh



P.S. I'm sure this email will never arrive to the ML

On Thu, May 6, 2010 at 7:44 PM, David Gillett <gillettdavid () fhda edu> wrote:
>  A few years back, I recall a discussion in some online forum trying to
> reach consensus on a definition of the term "firewall".  Early proposals
> were in terms of implementation details, and so naturally people who favored
> proxies were unable to agree with those talking deep packet inspection, and
> so on.
>  The logjam was broken when someone stepped away from technical detail and
> offered "A firewall is a policy enforcement device."
>
>  So, what you are asking is how to violate the de facto (if it's not also
> de jure, you have a different kind of problem...) policy on a network you
> use.  How much trouble can that get you into?  If it's your employer's
> network, you could be risking your job....
>
>  Of course, you might just be like the developers of Skype (And a few other
> things out there) and decide up front that local network policy is your
> enemy (and the enemy of your application and its users), in which case what
> you build is a "policy violation device".
>
>  The *responsible* reaction if you need to do something which violates
> current policy is to lobby for an exception or amendment to the policy.  If
> it's an actual legitimate *need*, the folks who manage the firewall will
> find a way to accommodate it.
>
> David Gillett, CISSP CCNP
>
> -----Original Message-----
> From: Raja [mailto:raja1.it.consultant () gmail com]
> Sent: Wednesday, May 05, 2010 21:03
> To: security-basics () securityfocus com
> Subject: How to bypass firewalls
>
> Hi,
>
> Can anybody let me know the available methods for bypassing firewall for all
> kinds of traffic?
>
> Thanks,
> Raja
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate In this guide we
> examine the importance of Apache-SSL and who needs an SSL certificate.  We
> look at how SSL works, how it benefits your company and how your customers
> can tell if a site is secure. You will find out how to test, purchase,
> install and use a thawte Digital Certificate on your Apache web server.
> Throughout, best practices for set-up are highlighted to help you ensure
> efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
> d1
> ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------