Firewalls: Re: Java blocking

Firewalls
(September 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Java blocking
From:	Bob Beck <beck @ obtuse . com>
Date:	Thu, 26 Sep 1996 08:54:24 -0600 (MDT)
To:	davem @ iss . net (David J. Meltzer)
Cc:	rob @ vulcan . achq . dnd . ca, firewalls @ GreatCircle . COM
In-reply-to:	<Pine . LNX . 3 . 91 . 960925182650 . 7511A-100000 @ phoenix . iss . net> from "David J. Meltzer" at Sep 25, 96 06:44:24 pm

> 
> I would expect as companies become more strict in implementing blocking of
> specific web pages and services that this sort of covert proxy will become
> increasingly common.
>

	Assuming the knowledgeable user has access outside to support
the far end, most things can be tunnelled through this way, Heck I've
done similar things, and watched them being done. You need a security
policy that is sanctioned from the top. A java block is to
(presumably) enforce a security policy statement that says "Don't do
this and this is why", as opposed to the security policy being
"Whatever the firewall doesn't block is O.K.".

	The difference between the two being if you do the above with 
proper policy in place, the user is disciplined/fired/etc. Without it
it just becomes a game to the users. 

	-Bob
---------------------------------------------------------------------------
Bob Beck					 Obtuse Systems Corporation
beck @
 obtuse .
 com					 http://www.obtuse.com/	
"Duct tape is like the force.  It has a light side, and a dark side, and
it holds the universe together"

References:

Re: Java blocking
From: "David J. Meltzer" <davem @ iss . net>

Indexed By Date	Previous:	Re: Java blocking From: David Vincenzetti <vince @ cryptonet . it>
Indexed By Date	Next:	Firewall for NT networks with transparent authentication From: Per-Henning Valderhaug <valper @ nodeca . mil . no>
Indexed By Thread	Previous:	Re: Java blocking From: "David J. Meltzer" <davem @ iss . net>
Indexed By Thread	Next:	Re: Java blocking From: carl @ hdshq . com