Re: Internet Explorer Security Holes Behind Firewall

tterenzetti · ‎09-28-2004

I am concerned about the reported security holes which exist in MS Internet Explorer. Am I correct in thinking that these holes are plugged when IE is being run on a system which is behind my PIX firewall, or do security holes still exist.

steve.busby · ‎09-28-2004

The holes and security issues are still there, as long as you don't patch them, however, with a properly configured firewall you can mitigate the risks so these security flaws aren't exploited from outside your network.

Of course this will do nothing to protect the system from users (trusted or not) inside your network.

tterenzetti · ‎09-28-2004

would you consider a pix firewall (501/506/515) with an out-of-the-box, default configuration, a "properly

configured" firewall, and if not, what pix ios modifications would you recommend .

steve.busby · ‎09-28-2004

I can't can give you a definite "create these rules and it'll fix everything on your firewall so you can ignore the inherent OS vulnerbilities". You'll have research where your boxes are suspectible and see if you can come up with a rule to mitigate that.

Keep in mind though, there are some things a firewall just can't protect your network from. For example, if user Bob gets an email with an attachment that say's "click here for a prize". User Bob just might click that link and there's no telling what trojan or virus or worm he could let loose on your firewall protected network.