Firewall Wizards mailing list archives
Re: Using SSL accelerators in firewalls
From: "Fabio Pietrosanti (naif)" <naif () blackhats it>
Date: Wed, 17 Jul 2002 16:43:54 +0200
On Wed, Jul 17, 2002 at 02:18:33PM +1000, Darren Reed wrote:
There would seem to be a growing trend in using SSL accelerators not next to the web server but attached to a firewall so that it isn't https traffic that passes through but http. To me this screams out "bad design" as the end-to-end encryption is lost in the process and the security of transactions eroded. What do others think? Is this becoming a "done thing" that is more and more acceptable to corporates or is this just an isolated thing?
The fact is that modern firewall need to implement as many feature as possible to survive on this market and with an SSL accellerator they can: - Say that the performance of their webserver behind their firewall will increase!!! - Implement content filtering on https connections - Implement various way of authentication trough client-side certificate, login and password, etc,etc on https connection ( Woah!! ) :) - Use Network Intrusion Detection also on https connection!!! ( you sniff the connection in clear behind the firewall ) So i think that it's much more a "marketing" reason than a technical reason. Think... how big is the SSL Accellerator market? Very little, so why don't integrate it with the Firewall that will ever exists in a infrastructure with ssl accellerator! -- Fabio Pietrosanti ( naif ) E-mail: naif () blackhats it - naif () sikurezza org PGP Key (DSS) http://naif.itapac.net/naif.asc -- "Hacking is the future of security research" R.Power, CSI Free advertising: www.openbsd.org Multiplatform Ultra-secure OS _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Using SSL accelerators in firewalls Darren Reed (Jul 17)
- Re: Using SSL accelerators in firewalls David Pick (Jul 17)
- Re: Using SSL accelerators in firewalls Darren Reed (Jul 17)
- Re: Using SSL accelerators in firewalls Carson Gaspar (Jul 22)
- Re: Using SSL accelerators in firewalls Ryan McBride (Jul 17)
- Re: Using SSL accelerators in firewalls Scott Walker Register (Jul 17)
- Re: Using SSL accelerators in firewalls Paul Robertson (Jul 17)
- RE: Using SSL accelerators in firewalls Ian Peters (Jul 17)
- Re: Using SSL accelerators in firewalls Fabio Pietrosanti (naif) (Jul 17)
- Re: Using SSL accelerators in firewalls Ryan Russell (Jul 17)
- <Possible follow-ups>
- Re: Using SSL accelerators in firewalls miha (Jul 17)
- RE: Using SSL accelerators in firewalls Dawes, Rogan (ZA - Johannesburg) (Jul 17)
- RE: Using SSL accelerators in firewalls Dawes, Rogan (ZA - Johannesburg) (Jul 17)
- RE: Using SSL accelerators in firewalls Dawes, Rogan (ZA - Johannesburg) (Jul 17)
- Re: Using SSL accelerators in firewalls Dana Nowell (Jul 17)