Firewall and Proxy Server HOWTO: Defeating a Proxy Firewall Just to spoil your day, and keep you on your toes about security, I'll describe how easy it is to defeat a proxy firewall. Now that you have done everything in this document and have a very secure server and network. You have a DMZ and no one can get into your network and you are logging every connection made to the outside world. You make all your users go through a proxy and no one can go directly to the Internet. Then one of your users, with a didacated connection of his own, finds out about

Firewall and Proxy Server HOWTO: Defeating a Proxy Firewall Just to spoil your day, and keep you on your toes about security, I'll describe how easy it is to defeat a proxy firewall. Now that you have done everything in this document and have a very secure server and network. You have a DMZ and no one can get into your network and you are logging every connection made to the outside world. You make all your users go through a proxy and no one can go directly to the Internet. Then one of your users, with a didacated connection of his own, finds out about Next Previous Contents

httptunnel. httptunnel creates a bidirectional virtual data path tunnelled in HTTP requests. The HTTP requests can be sent via an HTTP proxy if so desired. Or, on their system they install a Virtual Private Network (vpn). See: http://sunsite.auc.dk/vpnd/ Or, Maybe this user simply puts a modem on their NT system and turns on routing. Finally, on the workstation, on the private LAN, change the default gateway to point to the new route to the Internet. Now, from this workstation, you can go anywhere. The only thing the firewall admin might see is one connect with nowill see is a really long DNS lookup. Now, take over the world!

Next Previous Contents