On Mon, 2002-06-24 at 19:11, Andrew Plato wrote:
>
> > Object lesson: Firewalls are *useless* at preventing the exporting of
> > content from your site. If someone inside is determined to get some kind
> > of protocol to talk to something outside, and you allow *any* kind of
> > connection out, then they can obscure or encrypt the traffic
> > so that you won't see it.
>
> Which is why you need an IDS on both sides of that firewall - preferably
> every box in your organization. It isn't enough to stop traffic. Got to
> sniff it and see if there's anything stinky in those payloads. Ewwww,
> FTP over DNS.

And for every hole you plug, another will be created by someone who is being creative. I remember seeing an implementation of ftp over icmp. And don't bend over for the SOAP.
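
A defender-side sketch of the payload inspection the thread calls for, applied to the DNS case mentioned above; it is an added example, not part of the original messages. The sample queries, addresses, domain names and thresholds are constructed assumptions, and treating the last two labels as the parent domain is a simplification.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of (client_ip, queried_name) pairs, as a resolver log or
# IDS sensor might record them. Addresses and names are made up.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.6", "www.example.org"),
    ("10.0.0.6", "mail.example.org"),
    ("10.0.0.6", "ftp.example.org"),
    ("10.0.0.6", "ns1.example.org"),
    ("10.0.0.7", "mzxw6ytb2gk3dpfqhs5nuoc7.example.net"),
    ("10.0.0.7", "kr4ue2lqovzhg6dsnfxw3bm7.example.net"),
    ("10.0.0.7", "nbswy3dpe5lq2mf7xgtc4hzk.example.net"),
    ("10.0.0.7", "ojuw4zlsmf6gc2dbnr5xk3tq.example.net"),
]

def shannon_entropy(text):
    """Bits per character of a non-empty string."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def suspicious_dns_clients(queries, min_unique=4, min_avg_len=20, min_entropy=3.5):
    """Flag (client, parent domain) pairs whose subdomains look like encoded data.

    Thresholds are illustrative assumptions, not tuned values.
    """
    subs_seen = defaultdict(set)
    for client, name in queries:
        labels = name.lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue  # nothing to the left of the parent domain
        parent = ".".join(labels[-2:])  # assumption: two-label parent domain
        subs_seen[(client, parent)].add(".".join(labels[:-2]))

    flagged = {}
    for key, subs in subs_seen.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        entropy = shannon_entropy("".join(subs).replace(".", ""))
        # Many distinct, long, high-entropy names under one domain is the signal;
        # any single property alone also matches ordinary traffic.
        if len(subs) >= min_unique and avg_len >= min_avg_len and entropy >= min_entropy:
            flagged[key] = {"unique": len(subs), "avg_len": avg_len, "entropy": entropy}
    return flagged

if __name__ == "__main__":
    for (client, parent), stats in suspicious_dns_clients(SAMPLE_QUERIES).items():
        print(client, parent, stats)
```

Client 10.0.0.6 has as many distinct names as 10.0.0.7 but is not flagged, because its labels are short; combining the three measures is what keeps ordinary lookups out of the result.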
This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 23:24:10 PDT