RE: Avoiding tunnels
- From: "David Gillett" <gillettdavid@xxxxxxxx>
- Date: Thu, 2 Mar 2006 10:13:12 -0800
Blue Coat's new "SG" appliance line are SSL proxies (with
hardware assist); one of their intended uses is as an SSL
Man-in-the-Middle to catch stuff trying to sneak in over 443.
(They already did 80 without the encryption hardware.)
[They retain full proxy server functionality, or can be
used as a reverse proxy/SSL accelerator in front of your
servers, too.]
David Gillett
-----Original Message-----
From: Javier Hijas [mailto:jhijas@xxxxxxxxxxxx]
Sent: Thursday, March 02, 2006 3:51 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Avoiding tunnels
Thanks all, it's clear that to inspect http protocol I need
an application level firewall. I know about netfilter add-ons
and commercial firewalls like ISA and checkpoint (with
"application intelligence" ;-) implementing this osi level
inspection, but I see no way to check ssl
traffic: opening navigation traffic for users means opening
at least 80 and 443 ports. I can open a ssh tunnel through 443
port even with "ssl inspection".
Access lists have no reason to be implemented when you deal
with "shrewd" users?
Ansgar -59cobalt- Wiechers wrote:
On 2006-02-28 Javier Hijas wrote:
> I wonder if there is a way to avoid tunnels via fw (e.g.
> netfilter). How can I control that an opened port 80 is not
> used to tunnel to a ssh server listening at port 80?
You need to filter on layer 7 instead of layer 3/4, e.g. by
proxying the traffic.
Regards
Ansgar Wiechers
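
The layer-7 check discussed in this thread, as an added example that is not part of any poster's message: it labels the first client bytes of a connection and flags flows whose protocol does not match the port they use. The function names, the port policy and the sample flows are constructed for illustration.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"TRACE ")

def classify_first_bytes(payload: bytes) -> str:
    """Label the first client-to-server bytes of a TCP connection."""
    # SSH clients open with an identification string (RFC 4253, section 4.2).
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: type 0x16 (handshake), major version 3, 2-byte
    # length, then handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03:
        (rec_len,) = struct.unpack("!H", payload[3:5])
        if 0 < rec_len <= 16384 and payload[5] == 0x01:
            return "tls"
    if payload.startswith(HTTP_METHODS):
        return "http"
    return "unknown"

# Assumed policy: what each opened port is supposed to carry.
EXPECTED = {80: {"http"}, 443: {"tls"}}

def policy_violations(flows):
    """flows: iterable of (src_ip, dst_port, first_payload) tuples."""
    hits = []
    for src, port, payload in flows:
        proto = classify_first_bytes(payload)
        if port in EXPECTED and proto not in EXPECTED[port]:
            hits.append((src, port, proto))
    return hits

# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    ("10.0.0.5", 443, bytes.fromhex("1603010200010001fc0303") + b"\x00" * 16),
    ("10.0.0.7", 443, b"SSH-2.0-OpenSSH_4.3\r\n"),
    ("10.0.0.7", 80, b"SSH-2.0-OpenSSH_4.3\r\n"),
    ("10.0.0.9", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("10.0.0.9", 443, b"\x00\x01\x02\x03 not a handshake"),
]

if __name__ == "__main__":
    for src, port, proto in policy_violations(SAMPLE_FLOWS):
        print(f"{src} -> port {port}: saw {proto}")
```

This only catches a protocol sent in the clear on the wrong port; SSH wrapped inside a real TLS session or an HTTP CONNECT request passes this check, which is where the proxy and SSL man-in-the-middle approaches mentioned in the thread come in.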