Firewall Wizards mailing list archives
Re: Microsoft invents SOAP
From: Neil Ratzlaff <Neil.Ratzlaff () ucop edu>
Date: Fri, 29 Oct 1999 10:18:33 -0700
I like this sentence: "Firewalls, provided by products such as the Microsoft® Proxy Server, can block incoming traffic based on various criteria and thereby increase an organization's confidence in the security of its systems." Linking M$ promoting their product with the implication that confidence is increased without claiming that security is increased. They seem to equate a firewall with router packet filtering capabilities (except for M$ Proxy Server, which they also think is a firewall). So they try to get around this archaic assumption by tunneling DCOM through the firewall masked as http. Next thing we know, Doubleclick will be using this to sneak their banners past the firewall blocks.

Based on Microsoft's record, I am leery of DCOM, but I don't work with it so I don't know how dangerous it can be. I just couldn't resist the first comments.

Neil

At 08:39 10/28/99 -0500, Hardcastle, Kevin wrote:
I will start with a link to published propaganda.

http://msdn.microsoft.com/xml/general/SOAP_White_Paper.asp

Microsoft has replaced DCOM with SOAP (Simple Object Access Protocol) for e-commerce development. DCOM had many shortcomings when trying to communicate through firewalls; they never really understood how NAT worked. This tool set allows DCOM objects to basically be encapsulated inside http. Their suggestion is to open a port 80 proxy from your webserver(s) to your application server(s) on the inside. InternetWeek claims this is a potentially dangerous and serious security flaw, though it doesn't elaborate on the details.

I pose this question to the group: what are the potential dangers of tunneling DCOM objects, or in essence an application, through a well known port (http)? I am assuming an application proxy based firewall with a standard inbound port 80 wrapper, locked down from the IP of web server to the IP of application server. The application server must be aware of the payload and be able to strip it out of the http tunnel and execute it.

Thanks for your input.

Kevin Hardcastle
Information Security Group
Alliance Blue Cross Blue Shield
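Added example, not part of the thread or of any Microsoft code: a sketch of what an application-aware proxy on the web-server-to-application-server path would have to inspect, since a rule keyed only on port 80 and the two IP addresses sees a page fetch and a tunneled object call as the same traffic. It assumes the SOAP 1.1 conventions (SOAPAction header, text/xml body, envelope namespace); the allow list, method names and sample requests are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from email.parser import Parser

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope namespace
ALLOWED = {("urn:example-orders", "GetOrderStatus")}     # hypothetical allow list

def inspect_request(raw: str) -> str:
    """Classify one HTTP request: 'web', 'allow' or 'deny:<reason>'."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, _, header_block = head.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    ctype = (headers.get("Content-Type") or "").split(";")[0].strip().lower()
    if "SOAPAction" not in headers and ctype != "text/xml":
        return "web"                       # ordinary web traffic, not an RPC call
    if request_line.split(" ", 1)[0] != "POST":
        return "deny:rpc-not-post"
    try:
        # Production code should use a hardened XML parser for untrusted input.
        root = ET.fromstring(body)
    except ET.ParseError:
        return "deny:malformed-xml"
    soap_body = root.find(f"{{{SOAP_ENV}}}Body")
    if root.tag != f"{{{SOAP_ENV}}}Envelope" or soap_body is None or len(soap_body) != 1:
        return "deny:not-a-single-call-envelope"
    # Decide on the element actually inside the body; the SOAPAction header is
    # caller-supplied and need not match what the application server will execute.
    tag = soap_body[0].tag
    ns, name = tag[1:].split("}", 1) if tag.startswith("{") else ("", tag)
    return "allow" if (ns, name) in ALLOWED else f"deny:method-not-allowed:{name}"

def build_request(lines, body=""):
    """Assemble a raw HTTP request string from header lines and a body."""
    return "\r\n".join(lines) + "\r\n\r\n" + body

# Constructed sample traffic: all three requests are TCP 80, web server -> app server.
ENVELOPE = ('<e:Envelope xmlns:e="' + SOAP_ENV + '"><e:Body>'
            '<m:{0} xmlns:m="urn:example-orders"/></e:Body></e:Envelope>')
RPC_HEADERS = ["POST /rpc HTTP/1.0", "Content-Type: text/xml",
               'SOAPAction: "urn:example-orders#GetOrderStatus"']
SAMPLES = {
    "browse": build_request(["GET /index.html HTTP/1.0", "Host: app.example"]),
    "expected_call": build_request(RPC_HEADERS, ENVELOPE.format("GetOrderStatus")),
    "unexpected_call": build_request(RPC_HEADERS, ENVELOPE.format("DeleteAllOrders")),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", inspect_request(raw))
```

The third sample carries the same headers as the second, so only parsing the body separates the permitted call from the other one.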