ES, Amen brother. Same with intrusion detection and gateway AV products.
Great paper. Work of Art. My thoughts on MMCs and why information security will only get harder. Summary: What AV is going to stop the ActiveX Adobe buffer overflow? Adobe is an everyday file so AV desktop signatures won't work. As you pointed out ID/firewallproxy/gateway AV won't work in SSL. Desktop AV products now have to turn into web script interpreters?? More Blue Screens of Death. A great great security researcher once told me "You can't secure the enterprise until you secure the desktop, or get rid of them" http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=666 http://www.intersec.com/tech_center/RD_Center/Papers/VirusPaper.doc I'm outta here, dreez > -----Original Message----- > From: Eric Samburn [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, November 27, 2001 6:03 PM > To: [EMAIL PROTECTED] > Subject: ActiveX filtering through firewalls > > > This may be out-of-date, but I know some companies still > blindly rely on a > firewall or proxy to filter ActiveX and think it is safe. > > Last year, CERT / Steven Bellovin + others wrote a report > ("Results of the > Security in ActiveX Workshop") to discuss ActiveX security. > Inside there, it > mentioned that it is still unsafe to filter ActiveX on the > firewall since > HTTPS traffic will tunnel through unchecked (unless the SSL > connections are > terminated at the firewall / proxy level). > > If a hacker want to compromise a site through ActiveX, they > will establish a > secure web server with exploit code, and their exploit > potentially can get > through lots of company firewalls undetected. > > The CERT report also has recommendation to secure the desktop > for ActiveX. > But I find that the recommendations will be difficult to > implement / manage > in a large company with lots of desktop. > I know some company only allow Flash control to get through > but not other > ActiveX control. I don't know how they implement it, but may > be using a > combination of "CodeBaseSearch Path" and "Administrator Apporved" > attributes. > > I wonder if this is a common problem for the security > community ? (i.e. > people just block ActiveX on the firewall.) > How would you secure ActiveX in your environment ? Any good > practice you > know of ??? > > > _________________________________________________________________ > Get your FREE download of MSN Explorer at > http://explorer.msn.com/intl.asp > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
