Earthweb: Backdoors, Back Channels and HTTP(S)

Earthweb: Backdoors, Back Channels and HTTP(S)


February 24, 2001

"As a network or system administrator, you usually desire the ability to limit what goes into and comes out of your network. People achieve this through a variety of methods, the most common by far being firewalls. However, most firewalls and networks in general do have one service they will allow no matter what - the ability for users to surf the Web. HTTP is a very simple (compared to, say, FTP) and well understood protocol, and almost every workstation on any given network is allowed to send out HTTP requests, and usually servers are as well."

"Unfortunately, by choosing to move data over popular protocols such as HTTP, especially when it can be easily encrypted, the software firms will make life extremely difficult for corporate network administrators who want to control what services and types of information enter and leave their networks. ..."