Great Circle Associates Firewalls
(February 1998)
 


Subject: Re: SSL Proxies revisited
From: Bennett Todd <bet @ rahul . net>
Date: Tue, 10 Feb 1998 04:23:59 -0800
To: jcroall @ foo . org
Cc: firewalls @ greatcircle . com
In-reply-to: <firewalls . 199802061657 . LAA29670 @ mocha . foo . org>

1998-02-06-16:57:26 James Croall:
>[...] and now AOL even supports connection to their network via this
>type of proxy. [...] and AOL's services can listen on port 443 now too.

I detect a common theme here --- sounds like you should stomp AOL's
netblocks flat at your external screening router, block all access to
'em.

I also don't let SSL through at all, and don't intend to until and
unless I can get a Man-In-The-Middle proxy for it, that can enforce the
same rules we apply to http: only a short list of acceptable MIME types,
and all applets get stripped out of it on the way through.

-Bennett
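
The filtering policy described in the message above (a short MIME-type allowlist plus applet stripping), as an added example that is not part of the original post. The allowlist contents, the stripped tag set and the names `filter_response` and `AppletStripper` are assumptions, and the code covers only the filtering step applied to a response the proxy has already decoded.

```python
from html.parser import HTMLParser

# Assumed values: the post names neither the allowed MIME types nor the tags.
ALLOWED_TYPES = {"text/html", "text/plain", "image/gif", "image/jpeg"}
STRIPPED_TAGS = {"applet"}

class AppletStripper(HTMLParser):
    """Re-emit HTML, dropping stripped elements and everything inside them."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.depth = [], 0   # depth > 0 while inside a stripped element

    def emit(self, text):
        if self.depth == 0:
            self.out.append(text)

    def handle_starttag(self, tag, attrs):
        if tag in STRIPPED_TAGS:
            self.depth += 1            # an unclosed element drops the rest (fails closed)
        else:
            self.emit(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        if tag not in STRIPPED_TAGS:
            self.emit(self.get_starttag_text())

    def handle_endtag(self, tag):
        if tag in STRIPPED_TAGS:
            self.depth = max(0, self.depth - 1)
        else:
            self.emit(f"</{tag}>")

    def handle_data(self, data): self.emit(data)
    def handle_entityref(self, name): self.emit(f"&{name};")
    def handle_charref(self, name): self.emit(f"&#{name};")
    def handle_comment(self, data): self.emit(f"<!--{data}-->")
    def handle_decl(self, decl): self.emit(f"<!{decl}>")

def filter_response(content_type, body):
    """Return the bytes to forward, or None when the MIME type is not allowed."""
    mime = content_type.split(";", 1)[0].strip().lower()
    if mime not in ALLOWED_TYPES:
        return None
    if mime != "text/html":
        return body
    parser = AppletStripper()
    parser.feed(body.decode("latin-1"))   # latin-1 round-trips every byte value
    parser.close()
    return "".join(parser.out).encode("latin-1")
```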
