The function you request is present in many commercial firewalls today..??
Axent Raptor and Checkpoint Fw-1 are fully capable of doing what you
describe. Am I missing something else in your question? One, hijacking
sessions for your customer seems awfully extreme. If you simply speak with
your customers regarding the type of traffic that they only want to allow
through their firewall, I am sure you and your customer can arrive at a
compromise to properly configure HTTP port redirection rules.
This feasibility is relatively easy, and should not keep you up all hours
of the night.
If you are really concerned about the traffic that is being transmitted
from you to your customers, then invest some money and time
investigating the different types of Intrusion Detection Systems
available. Before pursuing that avenue,
do the following:
Assess - your current architecture and jot down some notes on where you
are today and where you want to be, accounting for budget, customer
requests, the upper management, staffing, etc, etc.
Analyze - how you go from where you are today to where you really want to
be and factoring in all the variables, this data crunching may take some
time, so investing in some Vivarin may help.. :)
Report - put it all together in a nice fancy package ala Kinko's and
voila, you now have your security roadmap and how to go from where you are
today to where you wanna be, and accounting for silly requests as service
redirection with encryption.
P.S. Coupons, loose change, Vendor T-Shirts and Designer sneakers are
welcome forms of acceptable payment, unless you are the Black Widow
!!(Gary C. you know who I am referring to don't you ;;; ) ( No payment is
necessary, you already ruined my life :)
/m
"Groth, Daniel" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
02/28/00 05:59 AM
To: "Firewalls \(E-mail\)" <[EMAIL PROTECTED]>
cc:
Subject: Traffic redirection
Hi. I am facing a problem: I need to encrypt the IP traffic IN&OUT of
several UNIX (not Linux) machines without installing any additional
machines.
Is it possible to hijack the traffic by a daemon which would do the
encryption stuff? The main reason of this is that my customers don't want
to open ports on their firewalls except HTTP(S). So I would have to redirect
the traffic through HTTPS and unfold it on the other side. But I am
sceptical about the feasibility...
-Daniel
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]