Firewall Wizards mailing list archives

Re: SSL Vulnerabilities?


From: "Ge' Weijers" <ge () progressive-systems com>
Date: Thu, 5 Aug 1999 12:02:53 -0400

Hi,

The proxy protects you against exploits that target bugs in the server
IP stack; I can't see any other use for it. If you go the packet
filtering (sorry, MLSI) route some exploits may get through. Other
than that there should not be much of a difference between the two
setups. If you trust the server IP stack you can replace FW-1 with a
simple router filter set:

TCP destination port 443 inbound
TCP source port 443 outbound (established only)
some ICMP types to keep Path MTU working.

That should save your company some money, but it may be politically
unwise to propose that :-/

Ge'

-- 
Ge' Weijers                                Voice: (614)326 4600
Progressive Systems, Inc.                    FAX: (614)326 4601
2000 West Henderson Rd. Suite 400, Columbus OH 43220
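
Added example, not part of the original message: a small Python model of the three-rule stateless filter set described above, run over constructed packets to show what it passes and what falls to the default deny. It assumes "established" means the ACK or RST bit is set (the usual stateless router approximation) and that the Path MTU rule is ICMP type 3 code 4 (Fragmentation Needed, RFC 1191); the names `Packet`, `permit` and `evaluate` are hypothetical.

```python
from dataclasses import dataclass

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

@dataclass(frozen=True)
class Packet:
    direction: str       # "in" = towards the server, "out" = from the server
    proto: str           # "tcp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: int = 0       # TCP flags byte
    icmp_type: int = -1
    icmp_code: int = -1

def established(pkt):
    # Assumption: stateless "established" check, i.e. ACK or RST is set.
    return bool(pkt.flags & (ACK | RST))

def permit(pkt):
    """Apply the three rules from the message; anything else is denied."""
    if pkt.proto == "tcp":
        if pkt.direction == "in" and pkt.dport == 443:
            return True                      # rule 1: inbound to port 443
        if pkt.direction == "out" and pkt.sport == 443:
            return established(pkt)          # rule 2: replies only
        return False
    if pkt.proto == "icmp":
        # rule 3 (assumed type/code): Fragmentation Needed, either direction
        return (pkt.icmp_type, pkt.icmp_code) == (3, 4)
    return False

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "client SYN to 443": Packet("in", "tcp", 40000, 443, SYN),
    "server SYN-ACK reply": Packet("out", "tcp", 443, 40000, SYN | ACK),
    "server-originated SYN from 443": Packet("out", "tcp", 443, 25, SYN),
    "inbound to SSH": Packet("in", "tcp", 40000, 22, SYN),
    "frag-needed ICMP": Packet("in", "icmp", icmp_type=3, icmp_code=4),
    "echo request": Packet("in", "icmp", icmp_type=8, icmp_code=0),
}

def evaluate(samples=SAMPLES):
    return {name: permit(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, ok in evaluate().items():
        print(f"{'permit' if ok else 'deny  '}  {name}")
```

Because the "established" test only looks at flag bits, it keeps the server from opening new outbound connections from port 443 but tracks no connection state.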


