[LUNI] can a firewall block protocols?
Erik Lickerman
elickerman at ameritech.net
Sat Aug 7 13:01:32 CDT 2004
It's for demos and to some extent ease of setup. The software would be run
within an environment by (on behalf of) a third party. The third party would
definitely have leverage to get firewall rules to accommodate the software.
I just thought it would be easier if they didn't have to.
How is SOAP encapsulated to slip by?
-----Original Message-----
From: luni-bounces at luni.org [mailto:luni-bounces at luni.org]On Behalf Of
Martin Maney
Sent: Saturday, August 07, 2004 12:21 PM
To: Linux Users Of Northern Illinois - Technical Discussion
Subject: Re: [LUNI] can a firewall block protocols?
On Sat, Aug 07, 2004 at 11:58:58AM -0500, Erik Lickerman wrote:
> BTW- am I being ignorant in assuming that corporate firewalls would block
> outgoing connections of various sorts, like preventing an internal system
> from connecting to a socket on an external server?
Nope, that's exactly what they do. The real secure stance is to block
everything and then open holes only as necessary.
I'm not sure there's any way to be certain of being able to access any
service from behind an arbitrary firewall. At best you can pick one
(or more - it might be really good if the server listened on multiple
ports, in hopes that one or another was unblocked at any particular
client site) port that is more or less likely to be unblocked. If you
have to choose just one, either HTTP (properly encapsulated to slip
past proxies and caches, as SOAP is) or maybe HTTPS are good choices.
Of course either may conflict with other services you might want to run
on the server.
Is this concern with sneaking past existing firewalls necessary in
order to demo the app, or do you really expect it to have to operate
covertly in normal practice? If the latter, the firewall's
unfriendliness may not be the worst you'll encounter. :-/
--
And that is called paying the Dane-geld;
But we've proved it again and again,
That if once you have paid him the Dane-geld
You never get rid of the Dane. -- Kipling on MS Enterprise Licensing
--
Linux Users Of Northern Illinois - Technical Discussion
http://luni.org/mailman/listinfo/luni