Using the firewall to filter ActiveX and Java is like throwing out the
baby with the bath water. This sounds more like a macro virus than a
Internet exploit. Wouldn't it be better to treat it at the desktop
instead of the firewall?
Mike Starkweather
----------
From: Jerry Mendes[SMTP:mendes @
garnet .
berkeley .
edu]
Sent: Saturday, February 08, 1997 5:05 AM
To: Russ
Cc: firewalls @
GreatCircle .
COM
Subject: RE: [NTSEC] ActiveX, MSIE and Quicken
Presumably, one answer is for the firewall companies to write
additional
application layer filters for port 80, looking for ActiveX or Java
downloads. This would make configuration of the firewall a bit more
complex. Don't know if any of 'em are considering this yet. Anyone
have
any scoop on this?
Jerry Mendes, Principal Consultant
DataComm Insights
150 Seminary Drive
Mill Valley, California 94941
Voice: 415-381-5500
FAX: 415-381-5502
Email: mendes @
garnet .
berkeley .
edu
At 11:40 PM 2/1/97 -0500, Russ wrote:
>To try and keep this on a Firewalls vein. The tunneling of anything
over
>HTTP is, in my opinion, the crappy technology. That goes for Java
>applets or certificate authentication for that matter. I don't like
the
>idea of combining diverse tasks within a single channel if its
possible
>to avoid it, and it is possible, so the only reason its not being
done
>is to USURP FIREWALLS.
_______________________________________________________________________
_____
_______
Jerry Mendes, Principal Consultant Voice: (415)
381-5500
DataComm Insights FAX: (415)
381-5502
150 Seminary Drive Email:
mendes @
garnet .
berkeley .
edu
Mill Valley, California 94941
Follow-Ups:
|
|
