Firewall Wizards mailing list archives
Re: Citrix ICA through port 80?
From: Crispin Cowan <crispin () wirex com>
Date: Sat, 12 Feb 2000 22:23:28 +0000
Ivan Fox wrote:
If users can bypass a firewall, what's the point of having a firewall?
Firewalls are to keep the bad packets out. Firewalls are completely ineffective at keeping the users in. They were not designed to contain users, and are completely incapable of containing a determined user. For a counter-example to the idea of using firewalls to contain inside users, consider MJR's demo-ware that implemented TCP/IP over top of DNS requests. If you can get any data at all out, then you can put TCP/IP on top of it, and from there you can do anything. Thus for security purposes, firewalls are strictly access control devices to control what outsiders can do to your inside. Your firewall may be performing some kind of control on what your inside users can pass out, but it is strictly a convenience factor. A determined user can always push out if they want to. Crispin ----- Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org JOBS! http://immunix.org/jobs.html
Current thread:
- Citrix ICA through port 80? SF BA (Feb 11)
- Re: Citrix ICA through port 80? Ivan Fox (Feb 12)
- Re: Citrix ICA through port 80? Crispin Cowan (Feb 14)
- Re: Citrix ICA through port 80? Lance Spitzner (Feb 15)
- Re: Citrix ICA through port 80? Crispin Cowan (Feb 14)
- Re: Citrix ICA through port 80? Mikael Olsson (Feb 12)
- <Possible follow-ups>
- RE: Citrix ICA through port 80? Troy Henley (Feb 12)
- Re: Citrix ICA through port 80? fgb (Feb 12)
- RE: Citrix ICA through port 80? Henry Sieff (Feb 14)
- RE: Citrix ICA through port 80? Bill Stout (Feb 15)
- RE: Citrix ICA through port 80? Sigler, Karl (Feb 15)
- Re: Citrix ICA through port 80? TC Wolsey (Feb 16)
- Re: Citrix ICA through port 80? Ivan Fox (Feb 12)