Firewalls: ftp and html through firewall

Firewalls
(February 1996)

Indexed By Thread: [Previous] [Next]

Subject:	ftp and html through firewall
From:	rebowes @ tasc . com (Bob Bowes)
Date:	Thu, 22 Feb 96 08:59:55 EST
To:	firewalls @ greatcircle . com

I'm trying to provide feedback to management that allowing direct ftp
and http (ports 20, 21, & 80) access to an internal machine is bad.
They want concrete evidence that it's bad, not just a bad idea.  I know
there are some ftp and html vulnerabilities, but I don't have any in
front of me right now.  If you know of some, please let me know.

BTW, my recommendation of putting the server outside an application
level firewall was rejected.  I would still like to prove my case.

Bob

Follow-Ups:

Re: ftp and html through firewall
From: Martin Fredriksson <emwmf @ emw . ericsson . se>
Re: ftp and html through firewall
From: Andrew Benhase <abenhase @ Tach . Net>
Re: ftp and html through firewall
From: jgt10 @ amdahl . com (John G. Thompson)

Indexed By Date	Previous:	Re: your mail From: Mike Malik -- Dover DE <mam @ ssds . com>
Indexed By Date	Next:	Re: Security aspects of user names From: rebowes @ tasc . com (Bob Bowes)
Indexed By Thread	Previous:	Re: dos sniffers? From: "Joseph L. Moll" <jmoll @ acquion . com>
Indexed By Thread	Next:	Re: ftp and html through firewall From: jgt10 @ amdahl . com (John G. Thompson)