RE: p2p and ISA

From: Thane Walkup (twalkup_at_quorumreview.com)
Date: 05/08/03

  • Next message: Joshua Levitsky: "Re: Timbuktu, etc."
    Date: Thu, 8 May 2003 07:59:05 -0700
    To: "Jason Beauford" <Jbeauford@mill-max.com>, "Duston Sickler" <dustons@ABSWEBB.NET>, <focus-ms@securityfocus.com>
    

    Sadly, yes.

    User/Power User sets a flag that if the installer respects it, will not
    allow the user to install the application. Most P2P applications, along
    with a large host of IM clients, don't support this flag, and just
    install anyways. (I could be wrong on the mechanism, but the behavior is
    there.)

    If you're willing to throw money at the problem, Zone Alarm's Integrity
    server can lock individual processes off the network. Quite handy for
    locking out stuff like Kazaa, etc.

    Thanks,
    Thane

    -----Original Message-----
    From: Jason Beauford [mailto:Jbeauford@mill-max.com]
    Sent: Tuesday, May 06, 2003 1:06 PM
    To: Duston Sickler; focus-ms@securityfocus.com
    Subject: RE: p2p and ISA

    End Users can't install what they don't have access to.

    Why not limit access to User / Power User at the console (provided W2K
    environment) thereby denying the possibility of any type of P2P being
    installed?

    Am I thinking too simplistically?

    > -----Original Message-----
    > From: Duston Sickler [mailto:dustons@ABSWEBB.NET]
    > Sent: Tuesday, May 06, 2003 12:55 PM
    > To: 'focus-ms@securityfocus.com '
    > Subject: RE: p2p and ISA
    >
    >
    > I think you will have a tough time blocking such
    > applications. They will search for ports not being blocked
    > in order to make connections such as 110, 21, and 80. I am
    > not familiar with ISA server but the only way I know of to
    > block them is at the application layer.
    >
    > Good Luck,
    >
    > Duston Sickler
    > There are only 10 types of people in the world, those who
    > understand binary and those who don't.
    >
    > -----Original Message-----
    > From: Edward Smith
    > To: focus-ms@securityfocus.com
    > Sent: 5/5/03 9:50 PM
    > Subject: p2p and ISA
    >
    >
    >
    > Greetings everyone,
    >
    > My apologies if this is not the correct forum for this
    > posting. I work for
    >
    > a small shop running MS ISA. Has anyone successfully blocked
    > inbound &
    >
    > outbound p2p file sharing (Kazaa, Morpheus, etc) using ISA? It's not
    >
    > enough to configure rules blocking port 1214 in and out as I've been
    >
    > reading in other forums. I would appreciate any suggestions
    > any of you may
    >
    > have for how to do this either through the list or via offlist reply.
    >
    >
    >
    > Thanks in advance.
    >
    > --------------------------------------------------------------
    > ----------
    > -----
    > FastTrain has your solution for a great CISSP Boot Camp. The
    > industry`s most
    > recognized corporate security certification track, provides a
    > comprehensive
    > prospectus based upon the core principle concepts of
    > security. This ALL INCLUSIVE curriculum utilizes lectures,
    > case studies and true hands-on utilization
    > of pertinent security tools. For a limited time you can enter
    > for a chance
    > to win one of the latest technological innovations, the SEGWAY HT.
    > Log onto http://www.securityfocus.com/FastTrain-focus-ms
    > --------------------------------------------------------------
    > ----------
    > ------
    >
    > --------------------------------------------------------------
    > ---------------
    > FastTrain has your solution for a great CISSP Boot Camp. The
    > industry`s most
    > recognized corporate security certification track, provides a
    > comprehensive
    > prospectus based upon the core principle concepts of
    > security. This ALL INCLUSIVE curriculum utilizes lectures,
    > case studies and true hands-on utilization
    > of pertinent security tools. For a limited time you can enter
    > for a chance
    > to win one of the latest technological innovations, the SEGWAY HT.
    > Log onto http://www.securityfocus.com/FastTrain-focus-ms
    > --------------------------------------------------------------
    > ----------------
    >
    >

    ------------------------------------------------------------------------
    -----
    FastTrain has your solution for a great CISSP Boot Camp. The industry`s
    most
    recognized corporate security certification track, provides a
    comprehensive
    prospectus based upon the core principle concepts of security. This ALL
    INCLUSIVE curriculum utilizes lectures, case studies and true hands-on
    utilization
    of pertinent security tools. For a limited time you can enter for a
    chance
    to win one of the latest technological innovations, the SEGWAY HT.
    Log onto http://www.securityfocus.com/FastTrain-focus-ms
    ------------------------------------------------------------------------
    ------

    -----------------------------------------------------------------------------
    FastTrain has your solution for a great CISSP Boot Camp. The industry`s most
    recognized corporate security certification track, provides a comprehensive
    prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization
    of pertinent security tools. For a limited time you can enter for a chance
    to win one of the latest technological innovations, the SEGWAY HT.
    Log onto http://www.securityfocus.com/FastTrain-focus-ms
    ------------------------------------------------------------------------------


  • Next message: Joshua Levitsky: "Re: Timbuktu, etc."

    Relevant Pages

    • RE: Share Point?
      ... Sharepoint actually has the ability to use either Domain logins or locally ... Has anyone here tested Share Point's security? ... >INCLUSIVE curriculum utilizes lectures, ... For a limited time you can enter for a chance ...
      (Focus-Microsoft)
    • RE: LANguard vs Nessus
      ... prospectus based upon the core principle concepts of security. ... This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization ... of pertinent security tools. ... For a limited time you can enter for a chance ...
      (Security-Basics)
    • RE: block internet at two workstations :VSMail mx1
      ... > Data Security Administrator ... > FastTrain has your solution for a great CISSP Boot Camp. ... > INCLUSIVE curriculum utilizes lectures, ... For a limited time you can enter for a chance ...
      (Security-Basics)
    • RE: p2p and ISA
      ... End Users can't install what they don't have access to. ... > recognized corporate security certification track, ... This ALL INCLUSIVE curriculum utilizes lectures, ... For a limited time you can enter ...
      (Focus-Microsoft)
    • RE: Share Point?
      ... Has anyone here tested Share Point's security? ... prospectus based upon the core principle concepts of security. ... INCLUSIVE curriculum utilizes lectures, ... For a limited time you can enter for a ...
      (Focus-Microsoft)