If it's http over ssl, the firewall rules would be similar to http
except port 443 would replace 80. Now, as for security issues, the
main one I would be aware of is that the session will be encrypted
(obviously) so (unlike http) any content-based policy rules (i.e. no
ActiveX content or js etc.) would be unenforceable on that session.
Henry
> -----Original Message-----
> From: Walker Andrew [mailto:andrew.walker_at_capco.com]
> Sent: Thursday, September 27, 2001 11:35 AM
> To: 'firewall-wizards_at_nfr.com'
> Subject: [fw-wiz] SSL banking connections out of the firms firewall
>
>
> Hi,
>
> I recently received a request from a user wanting to do his private banking
> via an SSL connection negotiated from his client laptop (company issue,
> connected to the internal LAN) to his bank's server through the corporate
> firewall.
>
> I read up about SSL as a protocol and about public key encryption, but I'm
> still undecided. I have no help from the firm's Internet policy to guide me
> so I'm looking for advice regarding how one would go about allowing it by a
> rule on FW1, if there are any security risks to be aware of, and also if
> anyone has any guidelines or experience of internet policies that deal with
> this kind of Internet usage from within the firm.
>
> Thanks in advance
>
>
> > Andrew
> >
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards_at_nfr.com
> http://list.nfr.com/mailman/listinfo/firewall-wizards
>
Received on Oct 01 2001
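
The point in the reply above about content-based rules, as an added example that is not part of the original thread: a toy inspector that can flag active content in a plaintext http response but, for an SSL/TLS stream, sees only record framing (type, version, length). The pattern list, function names and sample bytes are assumptions constructed for illustration; the "ciphertext" is opaque stand-in data, not real encrypted traffic.

```python
import re
import struct

# Active-content tags a content-based policy might block (illustrative list).
ACTIVE_CONTENT = re.compile(rb"<\s*(script|object|applet|embed)\b", re.I)
TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}

def parse_tls_records(data):
    """Walk SSL3/TLS record headers: type(1) version(2) length(2).

    Returns [(type_name, length), ...]; an empty list means the payload
    does not start with a valid record header (i.e. it is not SSL/TLS).
    """
    records, off = [], 0
    while off + 5 <= len(data):
        ctype, major, _minor, length = struct.unpack_from("!BBBH", data, off)
        if ctype not in TLS_TYPES or major != 3:
            break
        records.append((TLS_TYPES[ctype], length))
        off += 5 + length          # skip the opaque record body
    return records

def inspect(payload):
    """Return (verdict, detail) for one direction of a captured session."""
    records = parse_tls_records(payload)
    if records:
        # Only framing is visible; the body is ciphertext to the firewall,
        # so the content rule cannot be evaluated at all.
        return "uninspectable", records
    hits = sorted({m.group(1).lower().decode()
                   for m in ACTIVE_CONTENT.finditer(payload)})
    return ("block", hits) if hits else ("allow", [])

def tls_record(ctype, body):
    """Build a record with version 3.1 (TLS 1.0) around an opaque body."""
    return struct.pack("!BBBH", ctype, 3, 1, len(body)) + body

# Constructed samples (not captured traffic).
HTTP_RESPONSE = (b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n"
                 b"<html><OBJECT classid='clsid:0000'></OBJECT>"
                 b"<script>x()</script></html>")
TLS_STREAM = (tls_record(22, bytes(range(40))) +
              tls_record(23, bytes(range(255, 155, -1))))

if __name__ == "__main__":
    for name, sample in (("http", HTTP_RESPONSE), ("https", TLS_STREAM)):
        print(name, inspect(sample))
```

For the port-443 session the only decision left to the firewall is the one made on addresses and ports, since the verdict never reaches the content rule.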