Re: Kazza and ISA server

From: Marc Ciel (marcelc20_at_hotmail.com)
Date: 08/26/03

  • Next message: c_brauckmiller_at_LEK.COM: "Re: Infect me" 
    Date: 26 Aug 2003 16:46:23 -0000
To: security-basics@securityfocus.com
    ('binary' encoding is not supported, stored as-is) In-Reply-To: <004a01c36b9d$51078270$080205c0@precience.com>

    as others have already suggested, disable the default rule...

    make your own rule by allowing only specific (needed) protocols (like
    http, https, pop3, ftp)... this is always a good thing to do... you can
    even stop viruses from spreading this way (if you're unlucky to get one
    and it's using his own SMTP engine and SMTP is not allowed, they will not
    spread from your network into the internet... see Sobig.F and Bugbear.B)...

    also by using "integrated" authentication, you will block some
    applications from using ISA Server since many applications (including
    Netscape and Opera) are not able to use NTLM... this can be bypassed
    however...

    for MSN Messenger, ICQ and Yahoo Messenger (possibly AOL IM) you can block
    the domain used by these IM... (for ICQ it's enough to block *.icq.com)...

    P.S. i never had the time to test the schedule option that you ask of, but
    it would be of interest to me also... :)

    Marc

    >Hi All,
    >
    >Anyone has an idea how to block Instant messaging service like (MSN =
    >messanger,Yahoo messanger Aol instant messanger etc,etc through ISA =
    >Server.
    >And can anybody tell me how to restrict FTP and give on the user a =
    >scheduler basis permission of FTP through ISA Server. Example if i =
    >wanted to give a user permission by the clock 11 in the morning till 1 =
    >pm only then a user can download. or they have the FTP permission =
    >enabled.
    >
    >Thanks,
    >Shaikh Al Hadi Rasool.

    ---------------------------------------------------------------------------
    Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
    October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
    technical IT security event. Modeled after the famous Black Hat event in
    Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
    Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com
    ----------------------------------------------------------------------------

  • Next message: c_brauckmiller_at_LEK.COM: "Re: Infect me"

    Relevant Pages

    • RE: Kazza and ISA server
      ... via the Smart Defense or via MS ISA server with the help of URLScan ... Modeled after the famous Black Hat event ... Symantec is the Diamond sponsor. ... Attend Black Hat Briefings & Training Federal, September 29-30, ...
      (Security-Basics)
    • Re: Kazza and ISA server
      ... in ISA server whatever is not allowed expresally is denied. ... Attend Black Hat Briefings & Training Federal, September 29-30, ... Modeled after the famous Black Hat event in ... Symantec is the Diamond sponsor. ...
      (Security-Basics)
    • Re: FTP doesnt run
      ... The Firewall Client needs to be installed on the workstation ... The FTP Protocol may by default be set to "Read Only". ... Understanding the ISA 2004 Access Rule Processing ... Microsoft ISA Server Partners: Partner Hardware Solutions ...
      (microsoft.public.isaserver)
    • Re: Error when FTPing
      ... My FTP server sits behind my ISA server. ... >>turns your explorer window into a passive FTP connection. ... >>I'm hoping the client can somehow turn passive mode off and then try it. ...
      (microsoft.public.inetserver.iis.ftp)
    • Re: FTP access problem
      ... Which application are the users using to access ftp? ... Are you able to access from the ISA server it self? ... >>> is an access policy rule that allows all IP traffic to all destinations ... >>> Henry Chang ...
      (microsoft.public.isaserver)