Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: IE is just as safe as FireFox
From: DanB UK <danbuk () gmail com>
Date: Thu, 25 Nov 2004 10:03:27 +0000

Hi,
Agreed. But if the idea is to protect your internal clients from your
intranet web servers, the proxy isn't doing much for you. Plus again,
someone can just configure their machine to not use the proxy as mentioned
previously. If the machines are available on the public intranet without
having to go through some firewall, you can't slap much of a guarantee on
things not reaching them except via your proxy. You mention setting up
routing ACL policies for HTTP traffic further down. This isn't something
that is reasonable to manage in a large organization and does nothing from
stopping people from selecting alternate ports.

Well if you stick a firewall inbetween and limit to only 80/443 and
then redirect the requests to a web proxy(I know there are issues with
https proxying, like MTM). Then you can filter/drop do what ever you
like.

Cheers,
Dan.

-- 
DanB UK
London, UK

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]