Firewall Wizards mailing list archives
RE: SSL
From: Bruce Platt <Bruce () ei3 com>
Date: Wed, 17 Oct 2001 10:23:11 -0400
Complex question. From the bottom up, some firewalls will not do any checking. Some do check for content, but the firewall would have to be able to read the SSL encrypted stream. That's not likely.

Regarding Nimda: One way that Nimda infects others is to present a small JavaScript to the browser which passes window.open("readme.eml"). If you are running a vulnerable version of a browser, Outlook, and do not have security set in that and aren't running up-to-date antivirus definitions, then the machine running the browser gets infected. A simple thing to do is to disable JavaScript in your browser and in Outlook.
From there on, Nimda can wreak havoc along file shares, etc.
Check out http://www.incidents.org/react/nimda.pdf for an explanation of how Nimda works, how it propagates, and what you need to do to be protected. The above document is definitely recommended reading.

Regards

-----Original Message-----
From: Crumrine, Gary L [mailto:CrumrineGL () state gov]
Sent: Tuesday, October 16, 2001 8:19 AM
To: firewall-wizards () nfr com
Subject: [fw-wiz] SSL

Just a quick question on SSL. If I allow SSL outbound, and a user browses a web site that is corrupt with something harmful like NIMDA, is it possible that they will infect my network... and will the firewall not pass it along without checking? If true, how can I combat this? Is there a product that will stop the packets and inspect them before being returned to the requester?

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards