[fw-wiz] Prohibiting SSL VPNs

• Previous message: Nate Campi: "Re: [fw-wiz] Worms, Air Gaps and Responsibility"
• Next in thread: Frederick M Avolio: "Re: [fw-wiz] Prohibiting SSL VPNs"
• Reply: Frederick M Avolio: "Re: [fw-wiz] Prohibiting SSL VPNs"
• Maybe reply: Melson, Paul: "RE: [fw-wiz] Prohibiting SSL VPNs"
• Maybe reply: Desai, Ashish: "RE: [fw-wiz] Prohibiting SSL VPNs"
• Reply: Paul D. Robertson: "Re: [fw-wiz] Prohibiting SSL VPNs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: firewall-wizards@honor.icsalabs.com
Date: Thu, 20 May 2004 13:40:46 +0300 (EEST)

Hello all,

Does anybody have any ideas on how I could prohibit the usage of SSL VPNs
like the one offered by F5 (Firepass), since this requires only the
ability for the client to make an https connection (bypassing any kind of
firewall/proxy)? Since this product (or any similar) creates some kind of
PPP connection over https, installs routes on the PC etc. it will create a
lot of problems. (see also: Worms, Air Gaps etc)

I know that I could possibly stop the downloading of ActiveX/Java applets
via some kind of web filtering software but this also has a lot of
side effects, or I could use some kind of whitelist for https connections,
but this is too difficult to manage/maintain.

Thanks,
John

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Nate Campi: "Re: [fw-wiz] Worms, Air Gaps and Responsibility"
• Next in thread: Frederick M Avolio: "Re: [fw-wiz] Prohibiting SSL VPNs"
• Reply: Frederick M Avolio: "Re: [fw-wiz] Prohibiting SSL VPNs"
• Maybe reply: Melson, Paul: "RE: [fw-wiz] Prohibiting SSL VPNs"
• Maybe reply: Desai, Ashish: "RE: [fw-wiz] Prohibiting SSL VPNs"
• Reply: Paul D. Robertson: "Re: [fw-wiz] Prohibiting SSL VPNs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]