Re: [fw-wiz] Blocking email through the web services

From: Mikael Olsson (mikael.olsson@clavister.com)
Date: 01/23/03


From: Mikael Olsson <mikael.olsson@clavister.com>
To: "Chapman, Justin T" <JtChapma@bhi-erc.com>
Date: Thu Jan 23 11:45:18 2003


"Chapman, Justin T" wrote:
>
> One type of protection that I've implemented before is the use of a virus
> scanning engine to scan incoming HTTP traffic. While this doesn't block
> access to webmail services per se, it does make these sites one less avenue
> for malicious code/viruses to enter a network.

Virus scanning on HTTP helps, if viruses are all you worry about.
I personally worry about targeted attacks too, but I see why most
people can't be bothered with that :)

Just keep in mind that virus scanning HTTPS is ... um .. problematic ;)

> Checkpoint has Content Vectoring Protocol capabilities [...]

Install transparent proxy HTTP virus scanner. Done. No CVP.
If you're worried about adding one more single point of failure common
for ALL communications, one can also put this box on a service network
and use any router/fw capable of policy routing to hand off traffic to
the gateway.

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
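
The policy-routing hand-off described in the message above, as an added example that is not part of the original post: it assumes a Linux router with iptables and iproute2 as the box doing the policy routing, and every interface name, address, mark and table number is a constructed placeholder. The function only prints the commands for review; it does not apply them.

```shell
#!/bin/sh
# Added example, not from the original post. Dry-run generator for the
# policy-routing rules that hand inside HTTP traffic to a transparent
# scanning proxy on a separate service network.

# pbr_handoff INSIDE_IF SCANNER_IP SCANNER_IF [MARK] [TABLE]
pbr_handoff() {
    inside_if=$1
    scanner_ip=$2
    scanner_if=$3
    mark=${4:-1}      # hypothetical fwmark value
    table=${5:-100}   # hypothetical routing table number

    # Refuse incomplete input rather than emit half a rule set.
    if [ -z "$inside_if" ] || [ -z "$scanner_ip" ] || [ -z "$scanner_if" ]; then
        echo "usage: pbr_handoff INSIDE_IF SCANNER_IP SCANNER_IF [MARK] [TABLE]" >&2
        return 2
    fi

    # The scanner must sit on its own interface: matching on the inside
    # interface is what keeps the scanner's own outbound requests (which
    # arrive on the service network) from being marked and looped back.
    if [ "$inside_if" = "$scanner_if" ]; then
        echo "scanner must be on a separate service network interface" >&2
        return 2
    fi

    # Only TCP/80 is marked. Everything else, HTTPS included, keeps the
    # normal route, so the scanner is not in the path of all traffic.
    cat <<EOF
iptables -t mangle -A PREROUTING -i $inside_if -p tcp --dport 80 -j MARK --set-mark $mark
ip rule add fwmark $mark table $table
ip route add default via $scanner_ip dev $scanner_if table $table
EOF
}

# Constructed sample values: eth1 = inside LAN, eth2 = service network,
# 192.0.2.10 = scanning proxy (documentation address range).
pbr_handoff eth1 192.0.2.10 eth2
```

The scanning box itself still has to intercept the forwarded port-80 connections locally; that part is specific to the proxy product and is not shown.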