lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <fd910678041125020349199487@mail.gmail.com>
From: danbuk at gmail.com (DanB UK)
Subject: IE is just as safe as FireFox

Hi,
> Agreed. But if the idea is to protect your internal clients from your
> intranet web servers, the proxy isn't doing much for you. Plus again,
> someone can just configure their machine to not use the proxy as mentioned
> previously. If the machines are available on the public intranet without
> having to go through some firewall, you can't slap much of a guarantee on
> things not reaching them except via your proxy. You mention setting up
> routing ACL policies for HTTP traffic further down. This isn't something
> that is reasonable to manage in a large organization and does nothing from
> stopping people from selecting alternate ports.

Well if you stick a firewall inbetween and limit to only 80/443 and
then redirect the requests to a web proxy(I know there are issues with
https proxying, like MTM). Then you can filter/drop do what ever you
like.

Cheers,
Dan.

-- 
DanB UK
London, UK

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ