RE: [fw-wiz] Using SSL accelerators in firewalls
From: Dawes, Rogan (ZA - Johannesburg) (rdawes@deloitte.co.za)
Date: 07/17/02
- Next message: Fabio Pietrosanti (naif): "Re: [fw-wiz] Using SSL accelerators in firewalls"
- Previous message: Adam Shostack: "Re: [fw-wiz] FWTK and smap/smapd"
- Maybe in reply to: Darren Reed: "[fw-wiz] Using SSL accelerators in firewalls"
- Next in thread: Fabio Pietrosanti (naif): "Re: [fw-wiz] Using SSL accelerators in firewalls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Dawes, Rogan (ZA - Johannesburg)" <rdawes@deloitte.co.za> To: "'miha@nil.si'" <miha@nil.si>, Darren Reed <darrenr@reed.wattle.id.au> Date: Wed Jul 17 11:00:42 2002
It's a lot easier to access the data on the network than it is in process
memory, and has a much smaller effect on the responsiveness of the
application. i.e. it is a lot less likely that it will be detected.
Rogan
> -----Original Message-----
> From: miha@nil.si [mailto:miha@nil.si]
> Sent: 17 July 2002 04:10
> To: Darren Reed
> Cc: firewall-wizards@honor.icsalabs.com;
> firewall-wizards-admin@honor.icsalabs.com
> Subject: Re: [fw-wiz] Using SSL accelerators in firewalls
>
>
> Let me ask this question another way :-)
>
> If the bank has a SSL accelerator to <quote> screen traffic
> and then pass your data through some number of other
> things, unencrypted <end quote>, how is that different from
> decrypting it on the web server
> and then doing the same thing (assuming you have a two tier
> design). Bad
> design is not device dependant, it can be achieved using a
> large variety
> of tools.
>
> ---
> Miha Vitorovic
> Inženir v tehničnem področju
> Customer Support Engineer
>
> NIL Data Communications, Einspielerjeva 6, 1000
> Ljubljana, Slovenia
> Phone +386 1 4746 500 Fax +386 1 4746 501
> http://www.NIL.si
>
>
> In some email I received from Darren Reed, sie wrote:
> >
> > There would seem to be a growing trend in using SSL accelerators not
> > next to the web server but attached to a firewall so that it isn't
> > https traffic that passes through but http.
>
> Let me ask this question another way.
>
> If your bank was using one of these SSL accelerators and it was not
> directly attached to the web server, but the "far side" of something
> else so they could screen traffic and then pass your data through
> some number of other things, unencrypted, would you use that bank's
> Internet Banking service which used SSL encryption ?
>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
- Next message: Fabio Pietrosanti (naif): "Re: [fw-wiz] Using SSL accelerators in firewalls"
- Previous message: Adam Shostack: "Re: [fw-wiz] FWTK and smap/smapd"
- Maybe in reply to: Darren Reed: "[fw-wiz] Using SSL accelerators in firewalls"
- Next in thread: Fabio Pietrosanti (naif): "Re: [fw-wiz] Using SSL accelerators in firewalls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
