| |
Firewall Testing About VESARiA |
|
|
5.9 What are the issues about X11 through a firewall?
The X Windows System is a very useful system, but unfortunately has
some major security flaws. Remote systems that can gain or spoof
access to a workstation's X display can monitor keystrokes that a user
enters, download copies of the contents of their windows, etc.
While attempts have been made to overcome them (E.g., MIT ``Magic
Cookie'') it is still entirely too easy for an attacker to interfere
with a user's X display. Most firewalls block all X traffic. Some
permit X traffic through application proxies such as the DEC CRL X
proxy (FTP crl.dec.com). The firewall toolkit includes a proxy for X,
called x-gw, which a user can invoke via the Telnet proxy, to create a
virtual X server on the firewall. When requests are made for an X
connection on the virtual X server, the user is presented with a
pop-up asking them if it is OK to allow the connection. While this is
a little unaesthetic, it's entirely in keeping with the rest of X.
|
 |
Vesaria
3640 Fords Lane, Suite D
Baltimore, MD 21215
443 - 501 - 4044
|
