At 08:06 PM 12/16/96 -0800, Babak Jahromi wrote:
>>7) Our concept of using HTTP to avoid Firewalls seems to be flawed. I spoke
>>to several security specialists about it and they called us naive. They
>>pointed out that any firewall provider worth its salt would use IPP as a
>>good excuse to sell their customers a new version of their firewall -
>>whichever way we do it.
>
>Carl,
>
>Could you be more specific here? If we stick to the basic HTTP, how can
>the firewall provider tell what the HTTP command is really transporting?
>And how can they convince their customers that they need a new firewall
>that works better by poking into the HTTP commands to search for IPP
>stuff?
>
>Thanks,
>Babak
>
Babak,
The main argument given to me was that a number of security conscious
organizations are prohibiting the delivery of data out from their
organization e.g. via FTP, while allowing HTTP on the basis that it is
normally used to get data in from the outside, but gives out very little
data. If we start using IPP to send out big print files, these
organizations will start getting worried and looking for a stopgap solution,
until they find a way to dig into the HTTP flow for details. A short term
solution might be to quite simply have the firewall stop the use of HTTP
altogether.
Carl-Uno