The Seven web-site http://www.seven.com is VERY short on security information and doesn't define what equipment will work with their gear. According to the Cingular brief: "Cingular sets up an SSL tunnel or full VPN between its (Cingular's) network and the corporate network. Installed on the Cingular network are a suite of applications from Seven Networks" that act as a two-way proxy between the corporate network and the wireless operator. The wireless device only accesses the provider's network. How the provider establishes the SSL or VPN connection to the resource inside the corporate network isn't clear. It works on port 443 according to the article so it is possible that the workstation software initiates a connection to the provider which is proxy connected to the wireless device.
Seven's president isn't a security guy but he is a techie with a fantastic record for building profitable products. His director of engineering came from Sun where he worked on the Java server team and he also did some work for WebMD. He should have some security insight but there still isn't enough information available to really understand how the product really works and what steps were taken to ensure it works securely.

The on-line banking app I reviewed in the UK used WTLS encryption to secure the connection from the phone to the access server. The access server connected to a WAP gateway which proxied SSL connections to the bank's web site. This for all practical purposes required the bank to trust the wireless provider's gateway security. All transmitted data had to be converted to clear text by the gateway during the SSL to WTLS conversion. One of those gateway services was with BT Genie, which uses Seven software, but the gateway was limited to connections to a single web server and did not have access through any firewalls into the corporate network.

Bill Stackpole, CISSP

----- Original Message -----
From: "Hart, Kevin" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, January 29, 2002 9:26 AM
Subject: Wireless carriers exploit firewall bypass

> Greetings,
>
> I came across this one on Infoworld's Site.
>
> http://www.infoworld.com/articles/hn/xml/02/01/28/020128hnport.xml
>
> Has anyone seen this in action?
>
> Assuming that most companies would be unable to block outbound 443
> completely, one would have to block outbound 443 to the specific IP
> addresses or ranges where the "servers" register themselves...?
>
> It is comforting to know that Wireless Companies are helping Corporate IT
> speed up the pace of the adoption of wireless. I'm sure they have our best
> and most secure [grin] interests in mind.
>
> Kevin
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
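
The following is an added example, not part of the original thread: a Python sketch that reviews firewall session records for the two signals discussed above, outbound 443 to a listed relay range and long-lived outbound 443 sessions started from inside. The log layout, the relay range (RFC 5737 documentation space) and the one-hour threshold are assumptions, since the thread gives no addresses or timings.

```python
import ipaddress
from collections import defaultdict

# Constructed placeholder range (RFC 5737 documentation space) standing in
# for the carrier relay addresses; the real ranges are not given in the thread.
RELAY_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
LONG_LIVED_SECONDS = 3600  # assumed threshold for a session that is held open

# Constructed session records (hypothetical layout):
# src dst dport duration_s bytes_out
SAMPLE_LOG = """\
10.1.4.23 203.0.113.10 443 28800 5242880
10.1.4.23 198.51.100.7 443 12 48211
10.1.9.80 198.51.100.44 443 7300 910022
10.1.7.5 203.0.113.99 443 45 3100
10.1.7.5 192.0.2.15 80 9000 120000
"""

def parse(log):
    """Yield (src, dst, dport, duration, bytes_out) from each record line."""
    for line in log.splitlines():
        src, dst, dport, dur, nbytes = line.split()
        yield src, ipaddress.ip_address(dst), int(dport), int(dur), int(nbytes)

def review_outbound_443(log, relay_ranges=RELAY_RANGES, min_secs=LONG_LIVED_SECONDS):
    """Return {src: [(dst, reason), ...]} for outbound 443 sessions to review."""
    findings = defaultdict(list)
    for src, dst, dport, dur, _ in parse(log):
        if dport != 443:
            continue  # only the port named in the article is in scope
        if any(dst in net for net in relay_ranges):
            # Destination falls in a range the firewall should be blocking.
            findings[src].append((str(dst), "known-relay-range"))
        elif dur >= min_secs:
            # Unknown destination, but the session stayed up far longer than
            # ordinary HTTPS browsing would keep it.
            findings[src].append((str(dst), "long-lived-session"))
    return dict(findings)

if __name__ == "__main__":
    for host, hits in review_outbound_443(SAMPLE_LOG).items():
        for dst, reason in hits:
            print(f"{host} -> {dst}:443  {reason}")
```

The duration check covers relay addresses that are not yet on the block list, which is the gap in a pure IP-range block.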
