Peter Bruderer wrote:
>
> To give you the statement you want: In March 2000 it was
> possible to connect to a HTTPS server through Firewall-1 and to
> get administrative privileges on that server.
> [snip]
Ehhh. How does this even remotely apply?
First: Firewall-1 is not a router.
It is a stateful inspection firewall.
Then let us suppose for a moment that we were using a
proxy firewall. What would it be able to do here that
a dumb stateless packet filter couldn't?
A proxy cannot examine what goes on inside HTTPS, since
it is encrypted.
I'm not saying that stateless packet filters are good
enough for everything. I'm just saying that this was
a bad example.
--
Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 �RNSK�LDSVIK
Phone: +46-(0)660-29 92 00 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
