RE: p2p and ISA

• Previous message: Jamey Maze: "Timbuktu, etc."
• Maybe in reply to: Edward Smith: "p2p and ISA"
• Next in thread: Ben Dumke: "RE: p2p and ISA"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 8 May 2003 07:59:05 -0700
To: "Jason Beauford" <Jbeauford@mill-max.com>, "Duston Sickler" <dustons@ABSWEBB.NET>, <focus-ms@securityfocus.com>

Sadly, yes.

User/Power User sets a flag that if the installer respects it, will not
allow the user to install the application. Most P2P applications, along
with a large host of IM clients, don't support this flag, and just
install anyways. (I could be wrong on the mechanism, but the behavior is
there.)

If you're willing to throw money at the problem, Zone Alarm's Integrity
server can lock individual processes off the network. Quite handy for
locking out stuff like Kazaa, etc.

Thanks,
Thane

-----Original Message-----
From: Jason Beauford [mailto:Jbeauford@mill-max.com]
Sent: Tuesday, May 06, 2003 1:06 PM
To: Duston Sickler; focus-ms@securityfocus.com
Subject: RE: p2p and ISA

End Users can't install what they don't have access to.

Why not limit access to User / Power User at the console (provided W2K
environment) thereby denying the possibility of any type of P2P being
installed?

Am I thinking too simplistically?

> -----Original Message-----
> From: Duston Sickler [mailto:dustons@ABSWEBB.NET]
> Sent: Tuesday, May 06, 2003 12:55 PM
> To: 'focus-ms@securityfocus.com '
> Subject: RE: p2p and ISA
>
>
> I think you will have a tough time blocking such
> applications. They will search for ports not being blocked
> in order to make connections such as 110, 21, and 80. I am
> not familiar with ISA server but the only way I know of to
> block them is at the application layer.
>
> Good Luck,
>
> Duston Sickler
> There are only 10 types of people in the world, those who
> understand binary and those who don't.
>
> -----Original Message-----
> From: Edward Smith
> To: focus-ms@securityfocus.com
> Sent: 5/5/03 9:50 PM
> Subject: p2p and ISA
>
>
>
> Greetings everyone,
>
> My apologies if this is not the correct forum for this
> posting. I work for
>
> a small shop running MS ISA. Has anyone successfully blocked
> inbound &
>
> outbound p2p file sharing (Kazaa, Morpheus, etc) using ISA? It's not
>
> enough to configure rules blocking port 1214 in and out as I've been
>
> reading in other forums. I would appreciate any suggestions
> any of you may
>
> have for how to do this either through the list or via offlist reply.
>
>
>
> Thanks in advance.
>
> --------------------------------------------------------------
> ----------
> -----
> FastTrain has your solution for a great CISSP Boot Camp. The
> industry`s most
> recognized corporate security certification track, provides a
> comprehensive
> prospectus based upon the core principle concepts of
> security. This ALL INCLUSIVE curriculum utilizes lectures,
> case studies and true hands-on utilization
> of pertinent security tools. For a limited time you can enter
> for a chance
> to win one of the latest technological innovations, the SEGWAY HT.
> Log onto http://www.securityfocus.com/FastTrain-focus-ms
> --------------------------------------------------------------
> ----------
> ------
>
> --------------------------------------------------------------
> ---------------
> FastTrain has your solution for a great CISSP Boot Camp. The
> industry`s most
> recognized corporate security certification track, provides a
> comprehensive
> prospectus based upon the core principle concepts of
> security. This ALL INCLUSIVE curriculum utilizes lectures,
> case studies and true hands-on utilization
> of pertinent security tools. For a limited time you can enter
> for a chance
> to win one of the latest technological innovations, the SEGWAY HT.
> Log onto http://www.securityfocus.com/FastTrain-focus-ms
> --------------------------------------------------------------
> ----------------
>
>

------------------------------------------------------------------------
-----
FastTrain has your solution for a great CISSP Boot Camp. The industry`s
most
recognized corporate security certification track, provides a
comprehensive
prospectus based upon the core principle concepts of security. This ALL
INCLUSIVE curriculum utilizes lectures, case studies and true hands-on
utilization
of pertinent security tools. For a limited time you can enter for a
chance
to win one of the latest technological innovations, the SEGWAY HT.
Log onto http://www.securityfocus.com/FastTrain-focus-ms
------------------------------------------------------------------------
------

-----------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry`s most
recognized corporate security certification track, provides a comprehensive
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization
of pertinent security tools. For a limited time you can enter for a chance
to win one of the latest technological innovations, the SEGWAY HT.
Log onto http://www.securityfocus.com/FastTrain-focus-ms
------------------------------------------------------------------------------

• Previous message: Jamey Maze: "Timbuktu, etc."
• Maybe in reply to: Edward Smith: "p2p and ISA"
• Next in thread: Ben Dumke: "RE: p2p and ISA"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]