At 01:04 05/01/99 -0800, Kyle Jones wrote:
I have to wonder, living behind a corporate firewall myself at
my day-job, how the person in charge of security would feel
about this clever tunneling. Why is asking the company security
guru to allow outbound connections to TCP port 443 not the right
solution to this problem? Wriggling under the firewall might
buy you some short term gain--- but it might also get you fired.
Well there are two answers to this:
1. They can't fire me becuse I have already resigned :)
2. It seems many sysadmins are unhappy to do this. I don't know why this is
but I know that setting up another proxy on our firewall is a pain because
it has to be a specific port for a specific location (so you need a plug
gateway for each cvs server you want to connect to). Allowing access via
the web-proxy is much easier to administer, but I couldn't comment on the
security implications. My sysadmin was happy to allow 2401 on the web proxy
- but then he was also happy to add a plug-gateway for
cvs.xemacs.org.
YMMV. BillP might know more.
andy
---------------------------------------------------------------------------
" .sigs are like your face - rarely seen by you and uglier than you think"
Dr Andy Piper, Technical Architect, Parallax Solutions Ltd
mail: andyp(a)parallax.co.uk web:
www.parallax.co.uk/~andyp