Its very unlikely that we will soon get se ure solutions for the
mentioned types of code.
What about handling most of the stuff coming from the internet in a
DMZ on xNixes or NT with multi user application access i.e. WinFrame.
We would then only have to propagate the GUI thru the firewall and
could implement any kind of additional security we like in order to
pass it thru and no access to the internal workstation would be
possible..
Internet
*
*
V
-------------------------
screening
host
-------------------------
*
*
V
-------------------------
browser server
(Unix / WinFrame)
end of Internet sessions
start of GUI session
-------------------------
*
*
V
-------------------------
firewall
GUI session proxy
-------------------------
*
*
V
-------------------------
users workstation
end of GUI session
winframe client /
X-server
-------------------------
--------------------------------------------------------------------
I speak here on my own and in no way for my employer
Peter Vaterlaus
Security Architect
Swiss Bank Corporation
______________________________ Reply Separator _________________________________
Subject: Mobile Code Security???
Author: todd (toddat_private) at unix,mime
Date: 29.04.98 05:43
I'm curious as to the groups opinion on Java, JavaScript, ActiveX ,
or more generally - mobile code secuirty technologies.
Are methods for dealing with mobile code to become "standard"
features in commerical firewalls?
I have been working in this space for over a year now and I'm
afraid my perception may be *biased*. ;-)
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:57:21 PDT