Firewalls: RE: Blocking non-http (executable) content

Firewalls
(September 1996)

Indexed By Thread: [Previous] [Next]

Subject:	RE: Blocking non-http (executable) content
From:	Ian Miller <firewalls @ scientia . com>
Date:	Tue, 03 Sep 1996 08:54:37 +0100
To:	firewalls @ greatcircle . com

At 16:46 02/09/96 -0700, Bill Stout <bill .
 stout @
 hidata .
 com> wrote:
>Hmm.  An OLE Proxy via Catapult only.  Next all other firewall vendors
>will have to play catch-up with Microsoft.
>
Given the power of OLE and its near total lack of even elementary integrity
checking let alone security checking, OLE is one of the last services anyone
should allow through a Firewall with or without proxies. 
(If you want a VPN, you can use a general NetBUI encrypted tunnel so don't
need proxies.)

I think that the trend towards increasing programmable features 
(e.g. Word/Excel macros, Java/Active-X etc.) is wholly incompatible with
achieving secure networks.  Regretably I fear this won't be appreciated by
a lot non-technical managers until lots of real damage has been done.

Ian

Indexed By Date	Previous:	C2 certified OS that can run a firewall From: "Mattias Lindstr\vm" <mattias . lindstrom @ ihc . se>
Indexed By Date	Next:	Re: WWW servers (Again) From: "Geoffrey Ellison" <geoff @ smartnet . co . za>
Indexed By Thread	Previous:	RE: Blocking non-http (executable) content From: Bill Stout <bill . stout @ hidata . com>
Indexed By Thread	Next:	Re: Blocking non-http (executable) content From: peter @ baileynm . com (Peter da Silva)