Firewall Wizards
mailing list archives
Re: tunnel vs open a hole
From: Mikael Olsson <mikael.olsson () clavister com>
Date: Tue, 08 Apr 2003 00:58:56 +0200
"Anton A. Chuvakin" wrote:

[I agree ... BUT]

> surely people started to httptunnel not just because it was
> a fun thing to do?

No, it was made so that users/intruders could bypass the
security policy of a given network.

> surely you'd know of places where it is done exactly like that.

If I found someone doing that on my network, that someone would
find himself without Internet access. Internet access is not
a requirement for the majority of jobs out there.

> Additionally, what if opening a port turns into "let's open yet
> another port in our swiss-cheese firewall and pray this application
> can't be exploited"? Will tunneling be justified in this case?
> Will it not reduce security a bit less than opening a port?

How? A port is a 16-bit integral number. Attacks are not mounted
over 16-bit integral numbers. You attack _code_. The same code
gets exposed regardless of whether it's being tunneled over
port 80 or not. Not to mention that you are now also exposing
the HTTP tunneling code, which you wouldn't be exposing if you
weren't doing HTTP tunneling.

--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com