Re: [fw-wiz] Blocking email through the web services

From: Mikael Olsson (mikael.olsson@clavister.com)
Date: 01/23/03


From: Mikael Olsson <mikael.olsson@clavister.com>
To: "Chapman, Justin T" <JtChapma@bhi-erc.com>
Date: Thu Jan 23 11:45:18 2003


"Chapman, Justin T" wrote:
>
> One type of protection that I've implemented before is the use of a virus
> scanning engine to scan incoming http traffic. While this doesn't block
> access to webmail services per se, it does make these sites one less avenue
> for malicious code/virii to enter a network.

Virus scanning on HTTP helps, if viruses are all you worry about.
I personally worry about targeted attacks too, but I see why most
people can't be bothered with that :)

Just keep in mind that virus scanning HTTPS is ... um .. problematic ;)

> Checkpoint has Content Vectoring Protocol capabilities [...]

Install transparent proxy HTTP virus scanner. Done. No CVP.
If you're worried about adding one more single point of failure common
for ALL communications, one can also put this box on a service network
and use any router/fw capable of policy routing to hand off traffic to
the gateway.

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com


Relevant Pages

  • Re: Virus/Firewall Problem
    ... I contracted the virus about 6 months ago (it was ... | aware of was that there was a mentioning about a blue screen error. ... | Check the firewall settings for the HTTP port, ...
    (microsoft.public.windowsxp.help_and_support)
  • Follow-up and still need help on ex-gfs virus!
    ... Follow-up and still need help on ex-gf's virus! ... She still couldn't dl http websites with Firefox or IE, ... I went there and the list of exceptions didn't ... I could also dl updates for AVG and then I ran AVG ...
    (microsoft.public.windowsxp.general)
  • Re: Was =?ISO-8859-1?Q?st=F6rt?= da nachts im Bereich 1.4 - 1.6 MHz? (ADSL2+)
    ... kommt kein Virus am NAT vorbei, ... Du sprichst anscheinend von Sicherheitslücken in Webbrowsern oder ... die "Schädlinge" aber per HTTP, ...
    (de.sci.electronics)
  • Re: Was =?ISO-8859-1?Q?st=F6rt_da_nachts_im_Bereich_1=2E?= =?ISO-8859-1?Q?4_-_1=
    ... kommt kein Virus am NAT vorbei, ... die "Schädlinge" aber per HTTP, ... Ich weiss nur, dass ich NAT habe und die Firewall zwar nicht oft, aber doch einige Male die Bremse zog. ...
    (de.sci.electronics)
  • [Message rejected] Re: Wicked screensaver
    ... Your message has been rejected by our mail content scanning engine and has not reached its recipient. ... We believe that your message may contain a known virus or worm. ... Please do not reply to this message and its sender. ...
    (Debian-User)