>Would establishing proxy authentication for outbound internet sessions
>reduce the risk of the BO2k trojan creating client/server sessions with
>external remote servers?
Depends on how your authentication works. Most authentication
mechanisms are going to leave "sessions" open with the proxy,
so that users don't have to type a password for every object
on a web page. So, whether this will help or not depends on how
hard it is for BO2K to piggyback on an existing session. Shims
that cache passwords on a per-application basis might work.
>I am looking for a way to mitigate the risk (externally). Any help would be
>appreciated.
BO2K can (be made to) also run across things like ICMP, DNS, etc., so
you will have to examine how those work in your environment, too. It's
theoretically impossible to prevent it if you allow any inside->out access,
but you can probably save yourself if you keep up to date on the latest
plug-ins and communications methods for BO2K, and block them as
they arise. Just hope that a skilled programmer doesn't target you in
particular with a new plug-in. :)
Ryan
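
The session point in the reply above, as an added example that is not part of the original message: a toy model of an authenticating proxy that either caches a session per client IP or requires credentials on every request from a per-application shim. The `Proxy` and `Shim` classes, the process names, the address and the credentials are all hypothetical and constructed for illustration.

```python
import time

class Proxy:
    """Toy authenticating proxy (hypothetical model, not a real product)."""
    def __init__(self, users, cache_by_ip, ttl=300):
        self.users = users              # username -> password (constructed)
        self.cache_by_ip = cache_by_ip  # True: one login opens a per-IP session
        self.ttl = ttl                  # session lifetime in seconds
        self.sessions = {}              # client IP -> session expiry time

    def request(self, src_ip, url, creds=None, now=None):
        now = time.time() if now is None else now
        if creds and self.users.get(creds[0]) == creds[1]:
            if self.cache_by_ip:
                self.sessions[src_ip] = now + self.ttl
            return "ALLOW"
        # No credentials on this request: fall back to the cached session.
        # The proxy sees only the source IP, not which process sent it.
        if self.cache_by_ip and self.sessions.get(src_ip, 0) > now:
            return "ALLOW"
        return "DENY 407"

class Shim:
    """Hypothetical workstation shim that holds the password and attaches
    it only to requests from approved applications."""
    def __init__(self, creds, approved):
        self.creds = creds
        self.approved = set(approved)

    def creds_for(self, process):
        return self.creds if process in self.approved else None

def simulate(cache_by_ip):
    """Two processes on one workstation talk to the same proxy."""
    proxy = Proxy({"alice": "s3cret"}, cache_by_ip)
    shim = Shim(("alice", "s3cret"), approved={"browser.exe"})
    results = {}
    for process in ("browser.exe", "unknown.exe"):
        results[process] = proxy.request(
            "10.0.0.5", "http://example.com/",
            creds=shim.creds_for(process), now=1000.0)
    return results

if __name__ == "__main__":
    print("per-IP session cache:", simulate(cache_by_ip=True))
    print("per-request, per-app:", simulate(cache_by_ip=False))
```

With the per-IP cache, the unapproved process is allowed because it rides the session the browser opened; with per-request credentials from the shim, it gets a 407.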