Re: [fw-wiz] Blocking Google Talk


Wait.... isn't that "security through obscurity"? What prevents the user
from using:

216.239.37.125 talk.google.com

in his hosts file? You are telling me that Google recommends attempting
to foil a resolver by returning bogus entries as an attempt to prohibit
Google Talk traffic in a network? Is that the new Status Quo of Internet
giants, giving stupid "un-security" advice like that?

Excuse me while I wipe the coffee off my screen and keyboard...

It's a reasonable first step. If the user has the ability to modify their
resolver configuration, then that may be a bigger issue than running a
chat client. After all, what's to stop the user from using an SSL tunnel
to a proxy server somewhere on the Internet? DNS tunnel? SSH tunnel...

The answer given is enough to enforce the policy from casual abusers,
which is really the goal of most protective policy measures. An active
and determined abuser needs to be held to a higher standard of account
than someone who clicked on a link on a Web page.

Once you've gotten to the circumvention stage, you're in the "removed
permanently from the network" category of users who deserves termination.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@xxxxxxxxxxxx which may have no basis whatsoever in fact."
http://fora.compuwar.net Infosec discussion boards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards