Security Basics mailing list archives

Re: Kazza and ISA server

From: Marc Ciel <marcelc20 () hotmail com>
Date: 26 Aug 2003 16:46:23 -0000

In-Reply-To: <004a01c36b9d$51078270$080205c0 () precience com>

as others have already suggested, disable the default rule...

make your own rule by allowing only specific (needed) protocols (like 
http, https, pop3, ftp)... this is always a good thing to do... you can 
even stop viruses from spreading this way (if you're unlucky to get one 
and it's using his own SMTP engine and SMTP is not allowed, they will not 
spread from your network into the internet... see Sobig.F and Bugbear.B)...

also by using "integrated" authentication, you will block some 
applications from using ISA Server since many applications (including 
Netscape and Opera) are not able to use NTLM... this can be bypassed 
however...

for MSN Messenger, ICQ and Yahoo Messenger (possibly AOL IM) you can block 
the domain used by these IM... (for ICQ it's enough to block *.icq.com)...

P.S. i never had the time to test the schedule option that you ask of, but 
it would be of interest to me also... :)

Marc

Hi All,

Anyone has an idea how to block Instant messaging service like (MSN =
messanger,Yahoo messanger Aol instant messanger etc,etc  through ISA =
Server.
And can anybody tell me how to restrict FTP and give on the user a =
scheduler basis permission of FTP through ISA Server. Example if i =
wanted to give a user permission by the clock 11 in the morning till 1 =
pm only then a user can download. or they have the FTP permission =
enabled.

Thanks,
Shaikh Al Hadi Rasool.


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------

Current thread:

Kazza and ISA server Alaa Shaheen (Aug 22)
- <Possible follow-ups>
- RE: Kazza and ISA server Joey Peloquin (Aug 25)
  - Re: Kazza and ISA server Shaikh Al Hadi Rasool (Aug 26)
- RE: Kazza and ISA server Maher Odeh (Aug 25)
  - Re: Kazza and ISA server Shaikh Al Hadi Rasool (Aug 26)
  - Re: Kazza and ISA server Cosme Morales (Aug 26)
- RE: Kazza and ISA server Maher Odeh (Aug 26)
- RE: Kazza and ISA server Tony Fondo (Aug 26)
- Re: Kazza and ISA server Marc Ciel (Aug 26)
- RE: Kazza and ISA server Tim Donahue (Aug 26)