Greetings!
Eric Samburn wrote:
>
> Last year, CERT / Steven Bellovin + others wrote a report ("Results of
> the Security in ActiveX Workshop") to discuss ActiveX security. Inside
> there, it mentioned that it is still unsafe to filter ActiveX on the
> firewall since HTTPS traffic will tunnel through unchecked (unless the
> SSL connections are terminated at the firewall / proxy level).
...and that's how I'd solve the problem: force all users to use HTTP(S)
via a proxy (preferraby in a DMZ), allow the proxy out and filter the
uncrypted LAN->PROXY http-proxied traffic for ActiveX.
Bye
Volker
--
Volker Tanger <[EMAIL PROTECTED]>
Wrangelstr. 100, 10997 Berlin, Germany
DiSCON GmbH - Internet Solutions
http://www.discon.de/
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
