Firewall Wizards mailing list archives

Re: Firewall best practices


From: ArkanoiD <ark () eltex net>
Date: Wed, 28 Apr 2010 20:34:05 +0400

fwtk's grand-child does exactly that: you inspect traffic from "low-security"
sites to treat it just like generic http and leave banking/online payment connections intact.
I am thinking of adding a feature to examine certificates to ensure their validity
without MITMing the SSL itself. Have you seen my paper? I think I posted a link here.

On Tue, Apr 27, 2010 at 03:31:47PM -0400, Marcus J. Ranum wrote:

> In Marcus-land the way we'd do it is have crypto that didn't
> suck, and firewall rules that permitted outgoing crypto only
> to (say, if online banking was an authorized activity during
> office hours) a set of supported sites. Yeah, yeah, I know,
> Marcus-land isn't a real place...


_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

