The gist of this discussion seems to be that we are limited in what we can
achieve with technical methods. So with anything that provides an encrypted
tunnel through the firewall, we should tightly restrict which individuals
can have access to it on the inside, and validate the security/integrity of
whoever is on the other side of it?
And it's worse when this is done with some proprietary client, as we've been
asked to look at, since testing can always validate that all functionality
works, but security testing can't be relied on to flush out a trojan or
hidden function.
Peter Cooper
*** This E-Mail has been checked for viruses ***
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
