SSL banking connections out of the firms firewall

[Walker Andrew <andrew.walker () capco com>]

Hi,

I recently received a request from a user wanting to do his private banking
via an SSL connection negotiated from his client laptop (company issue,
connected to the internal LAN) to his banks server through the corporate
firewall.

I read up about SSL as a protocol and about public key encryption, but I'm
still undecided.  I have no help from the firms Internet policy to guide me
so I'm looking for advise regarding how one would go about allowing it by a
rule on FW1, if there are any security risks to be aware of, and also if
anyone has  any guidelines or experience of internet policies that deal with
this kind of Internet usage from within the firm.

Thanks in advance


> Andrew 

************************************************************************
The information in this email is confidential and is intended solely
for the addressee(s).
Access to this email by anyone else is unauthorised. If you are not
an intended recipient, you must not read, use or disseminate the
information contained in the email.
Any views expressed in this message are those of the individual
sender, except where the sender specifically states them to be
the views of Capco.

http://www.capco.com
***********************************************************************

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards