I share the same concern; can the inbound services we offer via the internet using Sun
iPlanet be penetrated without being detected since the attack is transported within
SSL?
For example IMAP/HTTP/SSL/TCP/IP.
I would like for someone to convince me that my concern is unfounded. Any takers?
>[EMAIL PROTECTED] wrote:
>An attacker uses an SSL-enabled tool to compromise a
>web server. This tool just happens to exploit the >latest discovered vulnerability.
>The server, >unfortunately, hasn't yet been patched. The tool uses >SSL to get past
>firewalls and IDSs, and that's the >key, since the site's network has an IDS that
>would >have been triggered had the tool used clear-text >HTTP. Now the attacker has
>control of one box, and >can use it to compromise the entire network -- all >over SSL
>and practically invisible to the watchers.
Find the best deals on the web at AltaVista Shopping!
http://www.shopping.altavista.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
