Firewall Wizards mailing list archives
Re: VM system for firewall use
From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 12 Oct 2004 11:25:55 -0400 (EDT)
On Tue, 12 Oct 2004, ArkanoiD wrote:
>> 1. The filter gets all data anyway, so all data going through the proxy is immediately subject to compromise (i.e. the filter can pass back *anything* to compromise an internal machine (say send the next IE browser a GDI exploit?) and the internal systems talk to the proxy.
>
> No, the proxy is not at all that dumb to get data from the filter back and to use it blindly. Its interface to filter is restricted; filter may be not allowed to modify content at all - just instruct proxy with simple actions. That's a design issue I should keep in mind.
That's a good design- hopefully the marketing folks that are driving the changes don't "need" the filtering product to pass back this-is-why-we-blocked-you HTML, which seems to be the typical chance for the filtering product manufacturers to get their "brand" in front of the Web browser, or to make the filter a stand-alone product.

It still amazes me when folks writing security software *design* it well- I've become very jaded over the years.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
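The restricted filter interface discussed in this message, sketched as an added example that is not part of the original post or of any product mentioned in it: the proxy accepts only a short verdict line from the filter and renders its own block page, so nothing the filter emits reaches the internal browser. The verdict syntax, reason codes and function names are assumptions made for illustration.

```python
from enum import Enum


class Verdict(Enum):
    ALLOW = "ALLOW"
    BLOCK = "BLOCK"


# Reason codes the proxy understands (constructed table). The text shown to
# the user lives in the proxy, never in the filter's reply.
REASONS = {
    "CATEGORY": "blocked by site category policy",
    "MALWARE": "blocked: content flagged as malicious",
    "FILTER_ERROR": "blocked: content filter unavailable",
}

MAX_REPLY = 32  # a verdict line never needs more bytes than this


def parse_filter_reply(raw: bytes):
    """Map the filter's reply to (Verdict, reason_code); fail closed otherwise."""
    fail = (Verdict.BLOCK, "FILTER_ERROR")
    if len(raw) > MAX_REPLY:
        return fail
    try:
        parts = raw.decode("ascii").strip().split(" ")
    except UnicodeDecodeError:
        return fail
    if parts == ["ALLOW"]:
        return (Verdict.ALLOW, None)
    if len(parts) == 2 and parts[0] == "BLOCK" and parts[1] in REASONS:
        return (Verdict.BLOCK, parts[1])
    # HTML, extra fields, unknown codes: treated as a broken or hostile filter.
    return fail


def respond(origin_body: bytes, filter_reply: bytes) -> bytes:
    """Bytes sent to the internal client: origin content or the proxy's own page."""
    verdict, reason = parse_filter_reply(filter_reply)
    if verdict is Verdict.ALLOW:
        return origin_body
    page = "<html><body><p>Request %s.</p></body></html>" % REASONS[reason]
    return page.encode("ascii")
```

A filter that answers with markup instead of a known reason code gets the generic FILTER_ERROR page, which is the trade-off Paul points at: the filter vendor loses its branded block page.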