IIS buffer overflows and firewalls

[Joseph Steinberg <Joseph () whale-com com>]

> The application-control engine of Air Gap technology is designed to allow
> you to generate granular rules for the application at hand, without
> arbitrarily selecting a maximum length (although you can also set length
> requirements). The filtering takes place behind a physical
> disconnection (and secure reverse proxy).
>
> Inspection can be based on examining the URL itself, the parameters, the
> HTTP methods, etc. - both length and values can be examined, and only
> acceptable URLs are allowed to pass to the server. It all happens on the
> safe side of the air gap, so hackers cannot bypass the inspection.
>
> You do not need to restrict all of the URLs with global rules -- you can
> set rules per URL as well. The rules would be based upon what the back-end
> applications support; in fact, you could even "record" legitimate usage of
> the application and have the system generate rules for you (which you can
> tweak as necessary).
>
> -- Joseph Steinberg
             _.._
>            (_.-.\         Joseph Steinberg
>        .-,       `        Director of Technical Services
>   .--./ /     _.-""-.     Whale Communications
>    '-. (__..-"       \
>       \          a    |   joseph () whale-com com
>        ',.__.   ,__.-'/   (201) 947-9177 x1511
>          '--/_.'----'`    http://www.whalecommunications.com
>
> Register for a live web demo of Whale's e-Gap System
> (http://www.whalecommunications.com/forum)
> Tuesday, May, 22, 2001; 12:00 pm Eastern Time; 11:00 am Central Time; 9:00
> am Pacific Time.
>
> Visit us at Booth 7215 at Networld+InterOp in Las Vegas, May 8-10.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards