Firewall Wizards mailing list archives

RE: SSL banking connections out of the firms firewall

From: Henry Sieff <hsieff () orthodon com>
Date: Fri, 28 Sep 2001 11:19:20 -0500

If its http over ssl, the firewall rules would be similar to http
except port 443 would replace 80. Now, as for security issues, the
main one I would be aware of is that the session will be encrypted
(obviously) so (unlike http) any content-based policy rules (ie no
active X content or js etc.) would be unenforceable on that session.

Henry

-----Original Message-----
From: Walker Andrew [mailto:andrew.walker () capco com]
Sent: Thursday, September 27, 2001 11:35 AM
To: 'firewall-wizards () nfr com'
Subject: [fw-wiz] SSL banking connections out of the firms firewall

Hi,

I recently received a request from a user wanting to do his 
private banking
via an SSL connection negotiated from his client laptop 
(company issue,
connected to the internal LAN) to his banks server through 
the corporate
firewall.

I read up about SSL as a protocol and about public key 
encryption, but I'm
still undecided.  I have no help from the firms Internet 
policy to guide me
so I'm looking for advise regarding how one would go about 
allowing it by a
rule on FW1, if there are any security risks to be aware of, 
and also if
anyone has  any guidelines or experience of internet policies 
that deal with
this kind of Internet usage from within the firm.

Thanks in advance

Andrew


**************************************************************
**********
The information in this email is confidential and is intended solely
for the addressee(s).
Access to this email by anyone else is unauthorised. If you are not
an intended recipient, you must not read, use or disseminate the
information contained in the email.
Any views expressed in this message are those of the individual
sender, except where the sender specifically states them to be
the views of Capco.

http://www.capco.com
**************************************************************
*********

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

RE: SSL banking connections out of the firms firewall Henry Sieff (Oct 01)
- <Possible follow-ups>
- Re: SSL banking connections out of the firms firewall Rick Smith at Secure Computing (Oct 01)
- Re: SSL banking connections out of the firms firewall Paul D. Robertson (Oct 02)
  - Re: SSL banking connections out of the firms firewall Illes Marci (Oct 11)