Re: Blocking unauthorized remote access




Mike Dorn wrote:
Has anybody seen a comprehensive list of addresses used by the various
"services" that allow unauthorized users to remote into their work computers
from home, bypassing corporate security? These things work by making an
outbound connection from the target PC to a fixed external site. The user then
contacts the external site from their home PC or traveling laptop, and the site
uses the previously-opened connection to create a remote session for them. It's
not caught by normal firewall config, because the outbound SSL connection
appears to be legal.

I'm sure this is a valuable tool for some folks, but it breaks security policy
by allowing unauthorized remote access, so my client wants the ability to shut
it down. (They have a secure VPN solution for those with legitimate need; these
rogue connections are being used by folks without authorization.) Because of
the size and complexity of the business, it's really not practical to use a
"whitelist" approach to outbound connections. There are also several
mission-critical apps that depend on long-term connections, so limiting the
connection lifetime or access hours is out as well. It makes sense to me to
just block outbound connections to the specific IP addresses of these external
services, but that means I need to know where all of them are. I've got the
info for gotomypc.com and logmein.com, but there's at least half a dozen others
out there commonly in use, probably a lot more. Most of them provide no useful
tech information on their websites, as they're in the business of selling access
services to the users, not helping network admins enforce corporate policy.
Anybody dealt with this before, or know of a good resource?

If people cannot access, they don't make money. That is why they are
not ABOUT to provide admins with any information to help them shut the
services down. That would be akin to letting the fox guard the chicken
coop, as it were.
When I was at Anonymous Antarctic Media, before I went off and
formed my own online media company, I was head of a staff of engineers
whose job it was to design countermeasures for every measure that admins
might take to block the service. I am sure that GoToMyPC, LogMeIn, and
others probably have similar staffs of engineers whose job it is to
design countermeasures for every measure admins take to block their
service. Nothing personal, but it's a matter of the bottom line. If
people cannot connect, the company does not make any money. For some
services, there are companies with whole ARMIES of engineers whose job it
is to design countermeasures for every attempt made to block the
companies' content.
I know that all the song swapping services, in their heyday, hired
engineers whose job it was to make it difficult, if not impossible, for
firewalls to 100 percent block their services, and they were wildly
successful at that. Kazaa and Grokster, in their heyday, were about as
close to being a sysadmin's worst nightmare, as you could get.
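
An added example, not part of either post above: since the question notes that blocking by IP address requires knowing every address, this sketch instead reports which internal clients open outbound tunnels to the two services the thread names, matching on the hostname a web proxy logs. The log format, the subdomains and the client addresses are constructed for illustration, and the check assumes outbound SSL goes through a proxy that records CONNECT hostnames; it only finds services already on the watch list.

```python
from collections import defaultdict

# Domains named in the thread; extend with whatever local policy covers.
WATCHED_DOMAINS = {"gotomypc.com", "logmein.com"}

# Constructed sample lines in a hypothetical proxy log format:
#   <time> <client_ip> CONNECT <host>:<port> <duration_seconds>
# Subdomains and client addresses are made up for this example.
SAMPLE_LOG = """\
09:00:01 10.1.4.22 CONNECT relay.gotomypc.com:443 28800
09:00:05 10.1.4.23 CONNECT mail.example.com:443 35
09:02:10 10.1.7.90 CONNECT secure.LogMeIn.com.:443 14400
09:03:00 10.1.7.91 CONNECT notlogmein.com:443 12
09:04:00 10.1.4.22 CONNECT broker.gotomypc.com:443 60
malformed line here
"""

def watched_domain(host, watched=WATCHED_DOMAINS):
    """Return the watched domain that host equals or sits under, else None."""
    labels = host.lower().rstrip(".").split(".")
    # Compare whole labels so "notlogmein.com" does not match "logmein.com".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in watched:
            return candidate
    return None

def find_relay_clients(log_text, watched=WATCHED_DOMAINS):
    """Map client IP -> list of (host, duration_s) tunnels to watched domains."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "CONNECT":
            continue  # not a CONNECT record in the assumed format
        host, _, _port = parts[3].rpartition(":")
        if not host or not parts[4].isdigit():
            continue  # missing port separator or non-numeric duration
        if watched_domain(host, watched):
            hits[parts[1]].append((host, int(parts[4])))
    return dict(hits)

if __name__ == "__main__":
    for client, tunnels in sorted(find_relay_clients(SAMPLE_LOG).items()):
        print(client, tunnels)
```

The per-client durations are reported rather than used as a filter, because the question rules out treating long-lived connections as suspicious on their own.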
