Mark Wilson enjoyed a TechNet event so much he wrote an article all about it!
Most firewalls only inspect the packet header of each piece of traffic and ignore the payload itself. As Mark explains, traffic that's destined for port 80 may not necessarily be HTTP, and yet most firewalls assume this to be the case. Many people regard port 80 as the Universal Firewall Bypass port, as it's normally open for inbound traffic and pretty much any traffic can be passed through it!
Microsoft's Enterprise Firewall, ISA Server, inspects both the header and payload of each packet and ensures that traffic headed to the web server is actually RFC-compliant HTTP, thereby cutting out a whole class of attack vectors.
You can read Mark's article here
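The difference between the two approaches, as an added example that is not from the original post or from ISA Server: a port-only rule next to a simplified check that the payload begins with a well-formed HTTP request head. The function names and sample payloads are constructed for illustration, and the grammar is a reduced form of the RFC 7230 request syntax.

```python
import re

# Reduced RFC 7230 grammar: method and header names are "tokens",
# the version is HTTP/<digit>.<digit>, header values are printable ASCII.
TOKEN = rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
REQUEST_LINE = re.compile(TOKEN + rb" [\x21-\x7e]+ HTTP/\d\.\d")
HEADER_LINE = re.compile(TOKEN + rb":[ \t]*[\x20-\x7e\t]*")


def header_only_allows(dst_port):
    """Packet-filter style rule: decides on the destination port alone."""
    return dst_port == 80


def payload_is_http_request(payload):
    """Application-layer check on the first bytes of the TCP stream."""
    head, sep, _body = payload.partition(b"\r\n\r\n")
    if not sep:
        return False  # no complete request head present
    lines = head.split(b"\r\n")
    if not REQUEST_LINE.fullmatch(lines[0]):
        return False  # first line is not "METHOD target HTTP/x.y"
    return all(HEADER_LINE.fullmatch(line) for line in lines[1:])


def decide(dst_port, payload):
    """Return (port-only verdict, port + payload verdict)."""
    by_port = header_only_allows(dst_port)
    return by_port, by_port and payload_is_http_request(payload)


# Constructed sample payloads, all addressed to TCP port 80.
SAMPLES = {
    "http_get": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "ssh_banner": b"SSH-2.0-ExampleClient\r\n",
    "tls_record": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
    "bad_header": b"GET / HTTP/1.1\r\nHost www.example.com\r\n\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, decide(80, data))
```

Every sample passes the port-only rule; only the genuine HTTP request passes the payload check.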
Where is the actual article titled "How to Protect your Network with ISA 2004" from Mark Wilson? The link ("you can read Mark's article *here*") doesn't go anywhere, except back to the home page listing here:
Thanks. Fantastic resource, by the way!