Firewall Wizards mailing list archives
Am I dreaming or is there a way to enforce different security Zon es at an application layer?
From: David Mackie <DMackie () ces com au>
Date: Thu, 4 Jan 2001 12:20:55 +1100
I suspect that this would be VERY Hard. I have been asked to find a way to do the following... Intercept an FTP, HTTP stream, file copy or even Notes Database replication do some fancy rules based scanning and send on the traffic. I have thought about using CVP on FW-1 and a modified virus definition file to strip out the unwanted content. This would not help with copying files to a UNC Share and would possibily have problems with notes databases. The other problem that we would have is some destinations could be allowed to get things that are Secret but not REALLY Secret Worse we will share most of our secrets but not ones which are secrets of just me and my mate. I would want to log everything not just attempts to send to invalid destinations. Would I do this by having a Custom Proxy grab the files put them in a gateway directory where we run our tests and then move it to a Mail Slot for delivery if clean/valid. Can you trick HTTP/FTP to respond normally so that the user does not know it is really store and forward? Is this a dream or can someone code this? Regards David _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Am I dreaming or is there a way to enforce different security Zon es at an application layer? David Mackie (Jan 03)