Firewall Wizards mailing list archives
Re: SSL Vulnerabilities?
From: "Ge' Weijers" <ge () progressive-systems com>
Date: Thu, 5 Aug 1999 12:02:53 -0400
Hi, The proxy protects you against exploits that target bugs in the server IP stack, I can't see any other use for it. If you go the packet filtering (sorry, MLSI) route some exploits may get through. Other than that there should not be much of a difference between the two setups. If you trust the server IP stack you can replace FW-1 with a simple router filter set: TCP destination port 443 inbound TCP source port 443 outbound (established only) some ICMP types to keep Path MTU working. That should save your company some money, but it may be politically unwise to propose that :-/ Ge' -- - Ge' Weijers Voice: (614)326 4600 Progressive Systems, Inc. FAX: (614)326 4601 2000 West Henderson Rd. Suite 400, Columbus OH 43220
Current thread:
- SSL Vulnerabilities? Kyle Starkey (Aug 05)
- Re: SSL Vulnerabilities? Joseph S D Yao (Aug 06)
- Re: SSL Vulnerabilities? Ge' Weijers (Aug 06)
- RE: SSL Vulnerabilities? Arjan Vos (Aug 06)
- <Possible follow-ups>
- Re: SSL Vulnerabilities? Ryan Russell (Aug 06)
- Re: SSL Vulnerabilities? czarcone (Aug 07)