Firewall Wizards mailing list archives

Re: tunnel vs open a hole


From: "Anton A. Chuvakin" <anton () chuvakin org>
Date: Mon, 7 Apr 2003 11:21:21 -0400 (EDT)

All,

Thanks for lots of great responses! Before asking the question, it seemed
to me that opening a port also made more sense, and now I am even more
convinced of that.

> As port 80 usually means http: Never do that. If you want to
Certainly.

However, surely people started to httptunnel not just because it was a fun
thing to do? I suspect it was in part due to the fact that in some
environments, admins were really hard to convince that opening another
port is possible WHILE allowing almost unrestricted web access. It might
seem like a contradiction in their security policy, but surely you'd know
of places where it is done exactly like that. Additionally, what if
opening a port turns into "let's open yet another port in our swiss-cheese
firewall and pray this application can't be exploited"?  Will tunneling be
justified in this case? Will it not reduce security a bit less than
opening a port?

Best,
-- 
  Anton A. Chuvakin, Ph.D., GCI*
     http://www.chuvakin.org
   http://www.info-secure.org


