Security Basics mailing list archives
RE: Are Proxy Firewalls a Security Hole?
From: "David Harley" <david.a.harley () gmail com>
Date: Fri, 1 Jun 2012 17:02:07 +0100
First, the EICAR file isn't a virus or by any stretch of the imagination malicious. It simply displays a text string. Secondly, while most mainstream AV companies do detect and flag it, mostly for the benefit of people needing an installation check, they're not actually required to do so, and it's unusual for other types of security product to detect it. In any case, the specification of the EICAR file is deliberately very restricted. If you embed it in a larger file, it's no longer the EICAR test file, and most products that detect the real thing will, by design, disregard it unless they detect true malicious code within the larger file. http://eicar.org/86-0-Intended-use.html http://www.amtso.org/amtso-download-using-testfiles.html http://go.eset.com/us/resources/white-papers/AVAR-EICAR-2010.pdf -- David Harley CITP FBCS CISSP Small Blue-Green World ESET Senior Research Fellow
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Dav Fisher Sent: 31 May 2012 23:55 To: security-basics () securityfocus com Subject: Are Proxy Firewalls a Security Hole? Given that people are sending larger and larger files, proxy firewalls seem to be limited since they can't inspect files after a certain point and the 'stream', 'flow', 'express' AV options of many of the proxy firewall vendors inspect only a portion of the large file. I've been able to put the Eicar virus in different locations of a large test file and successfully get the file through the firewall. So, are proxy firewalls a security hole? -------------------------------------------------------------- ---------- Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946; e13b6be442f727d1 -------------------------------------------------------------- ----------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- RE: Are Proxy Firewalls a Security Hole? Dan Lynch (Jun 01)
- <Possible follow-ups>
- Re: Are Proxy Firewalls a Security Hole? Rob (Jun 01)
- Re: Are Proxy Firewalls a Security Hole? Stephanus J Alex Taidri (Jun 01)
- Re: Are Proxy Firewalls a Security Hole? Dav Fisher (Jun 04)
- RE: Are Proxy Firewalls a Security Hole? David Harley (Jun 01)
- Re: Are Proxy Firewalls a Security Hole? Kurt Buff (Jun 01)