RE: SSL

[Bruce Platt <Bruce () ei3 com>]

Complex question.  From the bottom up, some firewalls will not do any
checking.  Some do check for content, but the firewall would have to be able
to read the SSL encrypted stream.  That's not likely.

Regarding Nimda: One way that Nimda infects others is to present a small
java-script to the browser which passes window.open(\"readme.eml\"" .  

If you are running a vulnerable version of a browser, Outlook, and do not
have security set in that and aren't running up-to-date antivirus
definitions, then the machine running the browser gets infected.  A simple
thing to do is to disable java script in your browser and in Outlook.

> From there on, Nimda can wreak havoc along file shares, etc.

Check out http://www.incidents.org/react/nimda.pdf for an explanation of how
Nimda works, how it propagates, and what you need to do to be protected.

The above document is definitely recommended reading.

Regards

-----Original Message-----
From: Crumrine, Gary L [mailto:CrumrineGL () state gov]
Sent: Tuesday, October 16, 2001 8:19 AM
To: firewall-wizards () nfr com
Subject: [fw-wiz] SSL



        Just a quick question on SSL.  If I allow SSL outbound, and a user
browses a web site that is corrupt with something harmful like NIMDA, is it
possible that they will infect my network... and will the firewall not pass
it along without checking?

        If true, how can I combat this?  Is there a product that will stop
the packets and inspect them before being returned to the requester? 
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards