> Object lesson: Firewalls are *useless* at preventing the exporting of
> content from your site. If someone inside is determined to get some kind
> of protocol to talk to something outside, and you allow *any* kind of
> connection out, then they can obscure or encrypt the traffic
> so that you won't see it.

Which is why you need an IDS on both sides of that firewall - preferably every box in your organization. It isn't enough to stop traffic. Got to sniff it and see if there's anything stinky in those payloads.

Ewwww, FTP over DNS. :-)

------------------------------------
Andrew Plato, CISSP
President / Principal Consultant
Anitian Corporation

(503) 644-5656 office
(503) 201-0821 cell
http://www.anitian.com
------------------------------------

This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 19:58:04 PDT