Todd Anderson <[EMAIL PROTECTED]> wrote:
>how can activeX (exttremely dangerous) be blocked out? Please excuse my
>ignorance, but can you just restrict certian TCP ports or does something
>else need to be done?
ActiveX is passed in the HTTP protocol stream, as I understand (I'm not an
expert in this area). So you can't block it by restricting TCP ports,
since blocking it that way would block all web access. You need something
more sophisticated, such as some of the products that have been mentioned
in this mailing list. Some (most?) firewall products include HTTP proxies
that can filter out the ActiveX code from the HTTP stream, which may be a
better solution, depending on your environment. Gauntlet Internet
Firewall, made by my employer, includes this capability.
Not an expert in this area, but that's my understanding.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
