[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [dist-obj] Extranet security
> The reason they do this is because IP
> provides no authentication and no mesage integrity so it's easy for an
> attacker to impersonate or alter legitimate traffic.
> SSL provides end-to-end authentication and encryption, so it's far
> superior from a security perspective to plain IP even with firewall
> inspection. However, an SSL encrypted link is going to be opaque to
> this sort of inspection. Therefore, most firewalls by default don't
> touch traffic on port 443.
Doesn't this create an opening allowing an attacker to
create traffic that looks like responses to SSL traffic?
To manage your subscription, mailto:firstname.lastname@example.org
Archives, FAQ, etc. http://www.distributedcoalition.org/mailing_lists/