[Previous] [Next] [Index]
[Thread]
Re: XMosaic client vs. The Firewall
Well, let me start out by asking some questions. We've been using the
WWW for roughly 9 months now... We have the X version of Mosaic
running. Our access is currently being threatened by a firewall.
We aren't running a server as of yet, just the Mosaic client. (v2.4 I
believe).
There are several security issues related to running Mosaic or other web
clients behind a firewall. Some are less concrete than others.
1) The Mosaic client program is very large, and not implemented in the most
security concious manner possible. Bugs in the software may permit a
maliciously configured HTTP server on the Internet to cause damage to
systems running client software. Historically, this has been a problem,
and new versions have been released that fix known bugs. It is a near
certainty that similar bugs remain.
2) The Mosaic client software is designed to invoke external interpreters for
certain data types that it cannot handle internally. This causes clients
running inside the security perimeter to execute local programs on
arbitrary data obtained from the Internet. A noteworthy example is the
Postscript interpreter: Postscript is a general purpose programming
language, and potentially malicious code contained within the Postscript
program may wreak havoc on the local environment. Some solutions are to
limit the interpreters to implement a subset of the language, run them in
restricted environments, and/or perform code analyses.
3) Users within the firewall may use the HTTP proxy to bypass security
mechanisms imposed by the firewall. For example, the HTTP proxy supports
FTP, which bypasses the firewall FTP proxy that provides FTP securely and
with auditing. Turning off the capability to run these other network
services limits key functionality of the web.
4) A feature of the software is to hide most access mechanisms from the user.
A user simply clicks on a picture or line of text which may be bound to an
operation that the user did not intend. Users can be fooled into invoking
network services that they would not normally invoke. For example,
clicking on a link can connect the user to the mail server on another
system causing him to send threatening email to a user on that system.
5) The HTTP proxy server is large, complex, and may run in a privileged mode.
It may cause harm to the firewall itself.
Follow-Ups:
References: