On Fri, 10 May 2002, Fei Yang wrote:

> Where's your Oracle server? Can you put both of them into your inside
> network? Your consultant is very correct regarding how a firewall can
> protect inside hosts.

Firewalls do a very poor job of protecting hosts which must speak HTTP originated from the outside world. The firewall would be of absolutely no value against any of the 5 overflow attacks in MS02-018, for instance, if the Web server were a vulnerable IIS server.

RDS, .hta, ../, unicode ../, FrontPage, Cold Fusion, in fact every Web server exploit back to nph.cgi isn't readily protectable by most firewalls.

Web servers get attacked in-band; allowing HTTP in to a Web server on the internal network is a bad idea.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls
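
To illustrate the in-band point made in the reply above (an added example, not part of the original thread): a packet filter judges only header fields, so it gives the same verdict to a benign request and to requests of the "../" and "unicode ../" classes the message names, while telling them apart takes inspection of the HTTP request itself. The server address, the filter rule, the sample request targets and the function names are all constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

WEB_SERVER = "192.0.2.10"  # constructed address (documentation range)

def packet_filter_allows(dst_ip, dst_port, proto="tcp"):
    """All an L3/L4 filter can judge: header fields, never the HTTP payload."""
    return proto == "tcp" and dst_ip == WEB_SERVER and dst_port == 80

def inspect_path(raw_target):
    """Application-layer check: return a reason string, or None if clean."""
    data = raw_target.split("?", 1)[0].encode("ascii", "replace")
    for _ in range(2):  # second round catches double encoding (%252e)
        data = unquote_to_bytes(data)
        try:
            text = data.decode("utf-8")  # strict decoder rejects overlong forms
        except UnicodeDecodeError:
            return "invalid or overlong UTF-8"
        if ".." in re.split(r"[/\\]", text):
            return "directory traversal"
    return None

# Constructed request targets, all addressed to TCP/80 on the web server.
SAMPLES = [
    "/index.html?lang=en",
    "/docs/../private/file",
    "/docs/%2e%2e/private/file",
    "/docs/%252e%252e/private/file",
    "/scripts/..%c0%af../placeholder",
]

def verdicts():
    """Pair the packet filter's decision with the application-layer finding."""
    return [(packet_filter_allows(WEB_SERVER, 80), inspect_path(t))
            for t in SAMPLES]

if __name__ == "__main__":
    for target, (fw, reason) in zip(SAMPLES, verdicts()):
        print(f"{target:35} firewall={'ALLOW' if fw else 'DROP'} "
              f"inspection={reason or 'clean'}")
```
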
