Firewall Wizards mailing list archives
executable content
From: dnewman () McGraw-Hill com
Date: Tue, 23 Sep 97 19:30:20 -0500
mjr wrote:
E) Expecting a decent portion of firewall administrators to be like those I mentioned above, how restrictive are most commercial firewall products out-of-the-box? (i.e., Is my feeling that 3) should be blocked by default the reality?)
I'd guess that most commercial firewalls, out of the box, won't block Java/ActiveX unless you tell them to. That may be a wrong guess, though.
At the time of the Data Comm test (January/February '97) only three out of 20 firewalls had built-in screening for Java *and* ActiveX: Global Internet (now Cisco), Seattle Software Labs (now Watchguard), and TIS. Eight could screen Java: Altavista (DEC), ANS, Check Point, GI, Raptor, Seattle, Secure Sidewinder, and TIS. Dunno if that's changed since. Check Point has a bunch more partners, including Finjan, so they may have a plug-in for ActiveX. Seems kinda scary that at least 12 firewalls have no capability for screening executable content. . . dn
Current thread:
- executable content dnewman (Sep 23)
- Re: executable content Wyllys Ingersoll (Sep 23)
- Re: executable content Marcus J. Ranum (Sep 23)
- Re: executable content Wyllys Ingersoll (Sep 23)