Re: [fw-wiz] Blocking Google Talk



On 6/22/06, Oliver Humpage <oliver@xxxxxxxxxxxxxxx> wrote:
On 21/6/06 6:48 pm, "Dale W. Carder" <dwcarder@xxxxxxxxxxxxx> wrote:

Do you really think you can get away with firewalls forever? Are you
ready for the everything on port 443 internet?

Surely if you need things that locked down, you can install yourself as a CA
on desktops in the organisation, then do MITM SSL proxy filtering much as
you might do port 80 http proxy-filtering now.

Does anybody know of legal implications associated with this kind of
filtering ? A lot of organisations now allow users to bank online via
the orgs internet infrastructure as it is benefical to both parties.

If you are doing analysis on a mitm ssl stream you will potentially
collect every users banking credentials. Would you have to redirect
ssl connections to a web page that advises them of this ? I could see
that the banks would also like to be advised if you are planning to do
this and they more than likely will block access from organisations
partaking in this strategy. Banks are just the primary example.



Oliver.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



--
James
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: Linux als Router
    ... # Enter all trusted network interfaces here. ... # which should be available to the internet and set FW_ROUTE to yes. ... space separated list of ports, ... # Packets to silently reject without log message. ...
    (de.comp.os.unix.linux.misc)
  • Re: SharePoint 3.0: problems with external access
    ... "Go to 'Alternate Access Mappings' and in the 'Internet Zone' for your ... Port 443 won't work because it is already used by the Default Web Site. ... What you need to do is create a wildcard certificate and use it in ISA. ... The steps to publish WSS 3.0 applications behind ISA 2004 are the same ...
    (microsoft.public.windows.server.sbs)
  • Re: companyweb from RWW
    ... "Could not open connection to the host, on port 23: ... internet should tell the tale, ... Les Connor [SBS Community Member - SBS MVP] ... This site is the default web site. ...
    (microsoft.public.windows.server.sbs)
  • Re: "Offenes" SMTP-Relay mal anders
    ... Port 25/tcp jedes am Internet angeschlossenen Hosts fuer SMTP reserviert ... marmelade von genau diesem brot eine unerwuenschte handlung sei. ...
    (de.comp.security.misc)
  • Re: SharePoint 3.0: problems with external access
    ... Create a new certificate for the WSS 3.0 website? ... "Go to 'Alternate Access Mappings' and in the 'Internet Zone' for your ... Port 443 won't work because it is already used by the Default Web Site. ... What you need to do is create a wildcard certificate and use it in ISA. ...
    (microsoft.public.windows.server.sbs)