-----BEGIN PGP SIGNED MESSAGE-----
does anyone know of a proxy that will sit as a man-in-the-middle ona
firewall to pass SSL trafic, but have it decrypted on the firewall to
allow for the type of scanning that is desired?
David Lang
"If users are made to understand that the system administrator's job is to
make computers run, and not to make them happy, they can, in fact, be made
happy most of the time. If users are allowed to believe that the system
administrator's job is to make them happy, they can, in fact, never be made
happy."
- -Paul Evans (as quoted by Barb Dijker in "Managing Support Staff", LISA '97)
On Thu, 4 Feb 1999, Paul Krumviede wrote:
> Date: Thu, 04 Feb 1999 12:11:12 -0800
> From: Paul Krumviede <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Cc: Paul D. Robertson <[EMAIL PROTECTED]>,
firewalls <[EMAIL PROTECTED]>
> Subject: Re: Routing protocols thru firewall
>
> From a different Paul...
>
> The problem is that many people notice that HTTP and SSL are allowed
> through firewalls, they decide the best way to get nifty new service
> through is to run it over HTTP or SSL. Many people avoid implementing
> something like SMTP auth by running SMTP over SSL. Now say that you
> want your firewall to scan for virii, trojans, whatever. How does it
> do that?
>
> For the truly amusing scenario, consider people who want to let MBONE
> stuff, which is basically arbitrary IP packets encapsulated in a
> unicast stream, through the firewall to a multicast server inside
> your net that will strip the encapsulation and place the revealed
> packets on your net. Does that make you feel comfortable about
> letting it through your firewall?
>
> -paul
>
> Michael Sorbera wrote:
> >
> > Hello everyone,
> > Paul, you mentioned that SSL was one of your "no's". Could you please explain to
> > me how SSL can be used to encapsulate something? Also why the no? Please keep
> > the explanation down to a level I can understand.
> >
> > Thanks all,
> > Michael Sorbera
> > Webmaster/Network Engineer
> > Randolph-Brooks Federal Credit Union
> > www.rbfcu.org
> > [EMAIL PROTECTED]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQEVAwUBNroUGj7msCGEppcbAQEmqwf/X/IYzcWr5BTgVdgyb/X0s/vNxFLr5rNd
lnyOF1qFPoSX4O7zjlzK1EOfEHgOL88KmSScydKvl2Lqlg93KNz4tcRiYtzD5qCU
uLtoQ6zPp1Lb677DNZvfMuy/lTtXXXidXmfSM+9avC0NDD+tm8DyhHcu4mVXEhI2
1FatS97PZ274ossbYfNYHtSzoupotxhQ+LqOJDZZAaRtbtKMvOQtehgm1FcaBORF
d7OjwAThMOo63VQRSpJSy7HLcHPw8EqMWGucey7/GMHWdsQcpZtQSy/NBM2PCoKc
W/vATP8jH5HDeO6AJH9zq6TIUKsHWnxlRfl1tzHfIudAAd62WbGG9g==
=oQkt
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
