Firewall Wizards mailing list archives
RE: Firewall(s) "maxed" out
From: JSK <jsk347 () sprynet com>
Date: Sun, 17 Oct 1999 23:28:41 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sharon: I'll be the first to say I've not looked at this 'visto' till just now, and I only took a peek at it. I can't figure much about them from their web site, but I would have a REAL SERIOUS CONCERN with users having their (sometimes sensitive) company e-mail sent to an outside location, where it can be hacked/read/snooped/sniffed (blah blah) by anyone. Have you looked at this 'background' job your users run to see what ELSE it might be sending out? How secure is it? Has anyone looked at the code to see what it is really doing? You spend a lot of money maintaining firewalls to keep the outside world at bay. You try to ensure that your confidential internal e-mail's regarding the complany business STAY confidential. Are you sure policy allows this? It SEEMS like this would not be a good thing to me. Call me wild and crazy...not to mention just plain paranoid! JSK At 12:54 PM 10/15/1999 -0400, Regan, Sharon wrote:
Hi: Sorry for the delay in getting back to you, but we're a three person internetwork shop supporting a user population of 5,000 + Anyway, I believe we have found the new "killer" app. There are all
types
of these free e-mail "services" (if you will), like yahoomail and
hotmail,
etc. Well, there's this new one called visto. What this one does is allow a user to "synchronize" his/her regular (company) e-mail with his/her visto mail, calendar, etc., such that, whenever a new message arrives in the corporate mailbox, you see it
in the
visto mailbox. The users download an app from visto which runs in
the
background on the office desktop machine, and which then tunnels data
back
to visto inside of HTTP. So, on the surface of things, it just looks
like a
regular browser session. We're finding increasing numbers of users availing themselves of this "service" .... word spreads like wildfire among the masses .... our firewalls work harder, longer, require more disk space to log all
this
stuff, there is additional traffic on the Internet T-1 (which is not
there
for the exclusive use of employees ... we actually do e-business ! ),
etc.
I've rebuilt my kernel and added more disk space since I posted to
the list,
but I'm seriously considering putting an access-list on the serial
interface
of my internet edge router and be done with it, once and for all. Sharon
- ----> Stuff deleted to save bandwidth... -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.5.3 iQA/AwUBOAqT6OZ40Wmdt8j7EQLBNwCfa6hCJr08TDIruVfxnSPVsC0oq+oAoOiy 9qVsc/lEHG4tdqacfnFHBv5v =rjL0 -----END PGP SIGNATURE----- Strong encryption on the net without trapdoors, backdoors, key recovery or key escrow must be a worldwide right for the net to survive. Make the net a safer place for your data...learn to use strong encryption today! PGP KeyID: 0x9DB7C8FB PGP Fingerprint: 6F80 6F39 33F2 195A 0937 A91D E678 D169 9DB7 C8FB
Current thread:
- Firewall(s) "maxed" out Regan, Sharon (Oct 12)
- Re: Firewall(s) "maxed" out Joseph S D Yao (Oct 12)
- Re: Firewall(s) "maxed" out Johann G. Hautzinger (Oct 16)
- <Possible follow-ups>
- RE: Firewall(s) "maxed" out Regan, Sharon (Oct 16)
- RE: Firewall(s) "maxed" out JSK (Oct 18)
- Re: Firewall(s) "maxed" out Steven M. Bellovin (Oct 18)
- Re: Firewall(s) "maxed" out Joseph S D Yao (Oct 12)