Re: [dist-obj] Extranet security

• To: Kevin Dick <kevin@dick.org>
• Subject: Re: [dist-obj] Extranet security
• From: Albert Scherbinsky <alberts@rogers.wave.ca>
• Date: Fri, 13 Jul 2001 15:24:31 -0400
• CC: dist-obj@distributedcoalition.org
• Delivered-To: distcoal-dist-obj-archive@distributedcoalition.org
• Delivered-To: mailing list dist-obj@distributedcoalition.org
• list-help:
• list-post:
• list-unsubscribe:
• Mailing-List: contact dist-obj-help@distributedcoalition.org; run by ezmlm
• Organization: Software Press
• References: <11464.194.109.194.188.994968185.squirrel@webmail.xs4all.nl> <3B4E1F53.A965003A@dick.org> <3B4E2DD6.975DE15E@rogers.wave.ca> <3B4E39FD.7422EAF1@dick.org> <3B4E3FAF.28D5CF51@rogers.wave.ca> <3B4E6263.AE3CB007@dick.org> <3B4EF432.51FDA9CE@rogers.wave.ca> <3B4F3C0F.A6E4F90F@dick.org>

> The reason they do this is because IP
> provides no authentication and no mesage integrity so it's easy for an
> attacker to impersonate or alter legitimate traffic.
> 
> SSL provides end-to-end authentication and encryption, so it's far
> superior from a security perspective to plain IP even with firewall
> inspection.  However, an SSL encrypted link is going to be opaque to
> this sort of inspection.  Therefore, most firewalls by default don't
> touch traffic on port 443.

Doesn't this create an opening allowing an attacker to
create traffic that looks like responses to SSL traffic?

Albert

==========================================================================
To manage your subscription, mailto:dist-obj-help@distributedcoalition.org 
Archives, FAQ, etc.     http://www.distributedcoalition.org/mailing_lists/

• Follow-Ups:
  • Re: [dist-obj] Extranet security
    • From: Kevin Dick
  • RE: [dist-obj] Extranet security
    • From: "Eugene Kuznetsov"

• References:
  • [dist-obj] Extranet security
    • From: "Peter van Eijk"
  • Re: [dist-obj] Extranet security
    • From: Kevin Dick
  • Re: [dist-obj] Extranet security
    • From: Albert Scherbinsky
  • Re: [dist-obj] Extranet security
    • From: Kevin Dick
  • Re: [dist-obj] Extranet security
    • From: Albert Scherbinsky
  • Re: [dist-obj] Extranet security
    • From: Kevin Dick
  • Re: [dist-obj] Extranet security
    • From: Albert Scherbinsky
  • Re: [dist-obj] Extranet security
    • From: Kevin Dick

• Prev by Date: Re: [dist-obj] Extranet security
• Next by Date: RE: [dist-obj] Extranet security
• Prev by thread: Re: [dist-obj] Extranet security
• Next by thread: RE: [dist-obj] Extranet security
• Index(es):
  • Date
  • Thread