| |
Firewall Testing About VESARiA |
|
|
5.8 How do I make gopher, archie, and other services work through my firewall?
The majority of firewall administrators choose to support gopher and
archie through web proxies, instead of directly. Proxies such as the
firewall toolkit's http-gw convert gopher/gopher+ queries
into HTML and vice versa. For supporting archie and other queries,
many sites rely on Internet-based Web-to-archie servers, such as
ArchiePlex. The Web's tendency to make everything on the Internet look
like a web service is both a blessing and a curse.
There are many new services constantly cropping up. Often they are
misdesigned or are not designed with security in mind, and their
designers will cheerfully tell you if you want to use them you need to
let port xxx through your router. Unfortunately, not everyone can do
that, and so a number of interesting new toys are difficult to use for
people behind firewalls. Things like RealAudio, which require direct
UDP access, are particularly egregious examples. The thing to bear in
mind if you find yourself faced with one of these problems is to find
out as much as you can about the security risks that the service may
present, before you just allow it through. It's quite possible the
service has no security implications. It's equally possible that it
has undiscovered holes you could drive a truck through.
|
 |
Vesaria
3640 Fords Lane, Suite D
Baltimore, MD 21215
443 - 501 - 4044
|
