Will Proxy Firewall Protect Our UNIX NFS Environment?

Post by Rick Stua » Tue, 23 Sep 1997 04:00:00



Any voices of experience out there who are using proxy firewalls to provide
internet access via http proxy to Solaris desktops?  I am very interested
in what the potential risks to UNIX filesystems may be associated with
such a configuration.

Is it possible to filter out JAVA applets from the internet proxy feed while
allowing the use of JAVA in the intranet?

Thanks for any wisdom you might be willing to share.

 
 
 

Post by richard westlak » Thu, 25 Sep 1997 04:00:00



> Any voices of experience out there who are using proxy firewalls to provide
> internet access via http proxy to Solaris desktops?  I am very interested
> in what the potential risks to UNIX filesystems may be associated with
> such a configuration.

> Is it possible to filter out JAVA applets from the internet proxy feed while
> allowing the use of JAVA in the intranet?

> Thanks for any wisdom you might be willing to share.

Not the voice of experience :-(

There are some proxy firewall type products which claim to do this
  Mine sweeper ?? (does email as well)
also
  SurfinGate   http://www.finjan.com/

I am not sure how the Proxy Firewall could affect the security of
your UNIX NFS Environment (unless you tell the proxy to do things with
NFS and the Internet).
I guess your firewall is protecting your NFS filesystems.

Hope this is of some use

--
Richard Westlake

Crystallography Dept. , Birkbeck College, Malet Street, London WC1E 7HX
Tel: 0171-631-6859

 
 
 

Post by Toby Speigh » Thu, 25 Sep 1997 04:00:00


>> Is it possible to filter out JAVA applets from the internet proxy
>> feed while allowing the use of JAVA in the intranet?

Richard> There are some proxy firewall type products which claim to do
Richard> this
Richard>   Mine sweeper ?? (does email as well)

I think it's called MIMEsweeper.

An alternative approach is the Digitivity CAGE (N.B. I work for
Digitivity).  Rather than simply filtering out applets from outside
the intranet, it can be configured to run applets on a sacrificial
host in the DMZ, with a GUI pipe to the desktop.

If your firewall is correctly configured, then applets running on the
CAGE host won't be able to access your NFS files, even if there's a
bug in the VM (you can't say that for applets run in a browser, where
the Java runtime is your only protection).

It doesn't prevent you running intranet applets within the browser -
in fact, that's how we're configured internally.

<URL:http://www.digitivity.com/> for the full score.  [Text-only
version at <URL:http://www.digitivity.com/text/>].

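Added example, not part of any post in this thread and not Digitivity's code: a small audit of a first-match packet-filter rule list that checks whether the "correctly configured" condition above holds, i.e. that a sacrificial applet host in the DMZ cannot open RPC/NFS flows to an intranet file server, while a desktop on the intranet can. The rule format, the addresses and the GUI pipe port (7000) are constructed assumptions.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Rule(NamedTuple):
    action: str   # "allow" or "deny"
    proto: str    # "tcp", "udp" or "any"
    src: str      # source network (CIDR)
    dst: str      # destination network (CIDR)
    ports: range  # destination ports the rule covers

ALL_PORTS = range(0, 65536)
RPC_NFS_PORTS = (111, 2049)  # rpcbind/portmapper and nfsd

# Constructed addressing: DMZ 192.0.2.0/24, intranet 10.1.0.0/16.
DMZ, INTRANET = "192.0.2.0/24", "10.1.0.0/16"
APPLET_HOST, DESKTOP, NFS_SERVER = "192.0.2.10", "10.1.5.20", "10.1.0.5"
GUI_PORT = range(7000, 7001)  # hypothetical port for the GUI pipe

GOOD_RULES = [
    Rule("allow", "tcp", "192.0.2.10/32", INTRANET, GUI_PORT),
    Rule("deny", "any", DMZ, INTRANET, ALL_PORTS),
    Rule("allow", "any", INTRANET, INTRANET, ALL_PORTS),  # desktops reach NFS
]
# Same policy with a broad UDP allow placed ahead of the deny.
LOOSE_RULES = [Rule("allow", "udp", DMZ, INTRANET, ALL_PORTS)] + GOOD_RULES

def decide(rules, proto, src, dst, port):
    """First matching rule wins; unmatched traffic is denied."""
    for r in rules:
        if (r.proto in ("any", proto)
                and ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and port in r.ports):
            return r.action
    return "deny"

def nfs_exposure(rules, client, servers, extra_ports=()):
    """List (server, proto, port) RPC/NFS flows the client may open."""
    return [(s, proto, port)
            for s in servers
            for port in (*RPC_NFS_PORTS, *extra_ports)  # add pinned mountd/lockd
            for proto in ("udp", "tcp")
            if decide(rules, proto, client, s, port) == "allow"]

if __name__ == "__main__":
    for name, rules in (("good", GOOD_RULES), ("loose", LOOSE_RULES)):
        print(name, "applet host:", nfs_exposure(rules, APPLET_HOST, [NFS_SERVER]))
    print("desktop:", nfs_exposure(GOOD_RULES, DESKTOP, [NFS_SERVER]))
```

An empty list for the applet host means the firewall, not the Java runtime, is what separates the applet from the file server; the desktop's non-empty list is the exposure that remains for applets run in a browser there.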

 
 
 

Post by t.. » Fri, 26 Sep 1997 04:00:00



>Any voices of experience out there who are using proxy firewalls to provide
>internet access via http proxy to Solaris desktops?  I am very interested

Unless your firewall software is specifically aware of the problem, a
bug in the browser that you are using will result in the probable
compromise of your NFS network (provided that the hosts running the
browser have access to the network on which the NFS packets are flying).

--
----------------------------------------------------------------------
Thomas H. Ptacek                                Secure Networks, Inc.
----------------------------------------------------------------------
                                              "mmm... sacrilicious..."

 
 
 
