Firewall Wizards mailing list archives
RE: SSL
From: "Stefan Norberg" <stefan () orbisec com>
Date: Thu, 18 Oct 2001 01:00:45 +0200
Gary,
> Just a quick question on SSL. If I allow SSL outbound, and a user
> browses a web site that is corrupt with something harmful like NIMDA,
> is it possible that they will infect my network... and will the
> firewall not pass it along without checking?
Yes. SSL is end-to-end; (browser) client to (web) server encryption. Nothing a proxy or firewall can do here.
> If true, how can I combat this? Is there a product that will stop the
> packets and inspect them before being returned to the requester?
Make sure that all clients have constantly updated anti-virus software and latest security patches applied. A somewhat painful option is also to consider only allowing SSL to certain trusted websites.

Stefan

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
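Added example, not part of the original message: a sketch of the "only trusted websites" option, assuming outbound SSL goes through a forward proxy that sees the HTTP `CONNECT host:port` request. Because the tunnel contents are encrypted end-to-end, the destination is all the policy can act on. The hostnames, suffixes and function names are constructed for illustration.

```python
# Added example: destination allowlist for SSL tunnels through a forward proxy.
# All hostnames below are constructed placeholders, not real policy.
TRUSTED_HOSTS = {"bank.example.com", "payroll.example.net"}  # exact names
TRUSTED_SUFFIXES = (".partner.example.org",)  # any subdomain of this zone
ALLOWED_PORTS = {443}


def parse_connect(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x', else None."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        return None
    if not parts[2].startswith("HTTP/"):
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not (port.isascii() and port.isdigit()):
        return None
    # Normalise case and a trailing dot so "Bank.Example.COM." still matches.
    return host.lower().rstrip("."), int(port)


def allow_tunnel(request_line):
    """Decide on the only thing the proxy can see for SSL: the destination."""
    target = parse_connect(request_line)
    if target is None:
        return False  # malformed or not a CONNECT: fail closed
    host, port = target
    if port not in ALLOWED_PORTS:
        return False  # CONNECT to other ports would tunnel arbitrary protocols
    if host in TRUSTED_HOSTS:
        return True
    # Suffixes begin with a dot, so "evilpartner.example.org" does not match
    # and neither does "bank.example.com.evil.test".
    return any(host.endswith(suffix) for suffix in TRUSTED_SUFFIXES)


# Constructed sample request lines.
SAMPLE_REQUESTS = [
    "CONNECT bank.example.com:443 HTTP/1.1",
    "CONNECT api.partner.example.org:443 HTTP/1.1",
    "CONNECT evilpartner.example.org:443 HTTP/1.1",
    "CONNECT bank.example.com.evil.test:443 HTTP/1.1",
    "CONNECT bank.example.com:22 HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print("ALLOW" if allow_tunnel(line) else "DENY ", line)
```

An allowlist like this limits where tunnels may go; it does not inspect what a trusted site sends, so the client-side anti-virus and patching advice above still applies.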