Firewall Wizards mailing list archives
Re: SSL Vulnerabilities?
From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Thu, 5 Aug 1999 10:01:24 -0700
> Our front end firewall is a NT based Gauntlet 5.0 with only the SSL port open to the Internet. Since we are using the built-in SSL/Http-Proxy
> ...
> Our thoughts were to simply disable the proxy and use packet filtering rules to manage the communications between the Internet and the web server over the SSL port. Other than the fact that NT is a bad platform to sit your firewalls on, can anyone think of any reason why this might be a BAD idea?
My impression is that there really isn't anything useful an app proxy can do with SSL, being that it's encrypted at all. For the payload, a packet filter ought to be equivalent. You do get some automatic protection with an app proxy in terms of transport headers and such, so if you switch to a packet filter, make sure the web server's OS has all its patches, etc.

Ryan