Firewall Wizards mailing list archives

RE: Using SSL accelerators in firewalls

From: "Dawes, Rogan (ZA - Johannesburg)" <rdawes () deloitte co za>
Date: Wed, 17 Jul 2002 16:41:46 +0200

It's a lot easier to access the data on the network than it is in process
memory, and has a much smaller effect on the responsiveness of the
application. i.e. it is a lot less likely that it will be detected.

Rogan

-----Original Message-----
From: miha () nil si [mailto:miha () nil si]
Sent: 17 July 2002 04:10
To: Darren Reed
Cc: firewall-wizards () honor icsalabs com; 
firewall-wizards-admin () honor icsalabs com
Subject: Re: [fw-wiz] Using SSL accelerators in firewalls

Let me ask this question another way :-)

If the bank has a SSL accelerator to <quote> screen traffic 
and then pass your data through some number of other 
things, unencrypted <end quote>, how is that different from 
decrypting it on the web server 
and then doing the same thing (assuming you have a two tier 
design). Bad 
design is not device dependant, it can be achieved using a 
large variety 
of tools.

---
  Miha Vitorovic
  Inženir v tehničnem področju
  Customer Support Engineer

   NIL Data Communications,  Einspielerjeva 6,  1000 
Ljubljana,  Slovenia
   Phone +386 1 4746 500      Fax +386 1 4746 501     
http://www.NIL.si

In some email I received from Darren Reed, sie wrote:


There would seem to be a growing trend in using SSL accelerators not
next to the web server but attached to a firewall so that it isn't
https traffic that passes through but http.


Let me ask this question another way.

If your bank was using one of these SSL accelerators and it was not
directly attached to the web server, but the "far side" of something
else so they could screen traffic and then pass your data through
some number of other things, unencrypted, would you use that bank's
Internet Banking service which used SSL encryption ?



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Using SSL accelerators in firewalls, (continued)
- - Re: Using SSL accelerators in firewalls Carson Gaspar (Jul 22)
- Re: Using SSL accelerators in firewalls Ryan McBride (Jul 17)
  - Re: Using SSL accelerators in firewalls Scott Walker Register (Jul 17)
- Re: Using SSL accelerators in firewalls Paul Robertson (Jul 17)
  - RE: Using SSL accelerators in firewalls Ian Peters (Jul 17)
- Re: Using SSL accelerators in firewalls Fabio Pietrosanti (naif) (Jul 17)
- Re: Using SSL accelerators in firewalls Ryan Russell (Jul 17)
- Re: Using SSL accelerators in firewalls miha (Jul 17)
- RE: Using SSL accelerators in firewalls Dawes, Rogan (ZA - Johannesburg) (Jul 17)
- RE: Using SSL accelerators in firewalls Dawes, Rogan (ZA - Johannesburg) (Jul 17)
- RE: Using SSL accelerators in firewalls Dawes, Rogan (ZA - Johannesburg) (Jul 17)
- Re: Using SSL accelerators in firewalls Dana Nowell (Jul 17)