Security Basics mailing list archives

RE: Avoiding tunnels


From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 2 Mar 2006 10:13:12 -0800

  Blue Coat's new "SG" appliance line are SSL proxies (with 
hardware assist); one of their intended uses is as an SSL
Man-in-the-Middle to catch stuff trying to sneak in over 443.
(They already did 80 without the encryption hardware.)
  [They retain full proxy server functionality, or can be
used as a reverse proxy/SSL accelerator in front of your
servers, too.]

David Gillett
 

-----Original Message-----
From: Javier Hijas [mailto:jhijas () germinus com] 
Sent: Thursday, March 02, 2006 3:51 AM
To: security-basics () securityfocus com
Subject: Re: Avoiding tunnels

Thanks all. It's clear that to inspect the HTTP protocol I need an application-level firewall. I know about netfilter add-ons and commercial firewalls like ISA and Checkpoint (with "application intelligence" ;-) implementing this OSI-level inspection, but I see no way to check SSL traffic: opening navigation traffic for users means opening at least ports 80 and 443. I can open an ssh tunnel through port 443 even with "SSL inspection".

Access lists have no reason to be implemented when you deal with "shrewd" users?


Ansgar -59cobalt- Wiechers wrote:
On 2006-02-28 Javier Hijas wrote:

 I wonder if there is a way to avoid tunnels via fw (v.g. netfilter).
How can I control that an opened port 80 is not used to tunnel to an ssh server listening at port 80?


You need to filter on layer 7 instead of layer 3/4, e.g. by proxying the traffic.

Regards
Ansgar Wiechers
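The layer-7 check the thread is circling around, as an added example that is not part of any post above and uses no real proxy product's API: classify a client's first bytes on port 80/443 by protocol, and, for 443, classify again on the plaintext a MitM SSL proxy would see after terminating the client's TLS session. Sample flows are constructed; the ClientHello is a truncated record header, not a full handshake.

```python
from typing import List, Optional, Tuple

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")


def classify_stream(first_bytes: bytes) -> str:
    """Identify the application protocol from the first bytes a client sends."""
    if first_bytes.startswith(b"SSH-"):          # SSH banner, e.g. "SSH-2.0-..."
        return "ssh"
    if any(first_bytes.startswith(m) for m in HTTP_METHODS):
        return "http"
    # TLS record header: type 0x16 (handshake), version 0x03 0x00..0x04,
    # followed by a ClientHello handshake message (type 0x01) at offset 5.
    if (len(first_bytes) >= 6 and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03 and first_bytes[2] <= 0x04
            and first_bytes[5] == 0x01):
        return "tls"
    return "unknown"


def verdict(port: int, outer: bytes, inner: Optional[bytes] = None) -> str:
    """Decide whether a flow on a web port carries what that port is meant for.

    `inner` is the decrypted plaintext an SSL MitM proxy sees after terminating
    the client's TLS session; None means the proxy does not decrypt.
    """
    proto = classify_stream(outer)
    if port == 80:
        return "allow" if proto == "http" else "block: %s on 80" % proto
    if port == 443:
        if proto != "tls":
            return "block: %s on 443" % proto
        if inner is None:
            return "allow-uninspected"        # anything inside TLS is invisible here
        inner_proto = classify_stream(inner)
        return "allow" if inner_proto == "http" else "block: %s inside tls" % inner_proto
    return "not a web port"


# Constructed sample flows: (port, first client bytes, decrypted inner bytes or None).
CLIENT_HELLO = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"   # truncated, constructed
HTTP_REQ = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
SSH_BANNER = b"SSH-2.0-OpenSSH_4.3\r\n"
SAMPLE_FLOWS: List[Tuple[int, bytes, Optional[bytes]]] = [
    (80, HTTP_REQ, None),            # normal browsing
    (80, SSH_BANNER, None),          # sshd listening on 80, the case in the question
    (443, CLIENT_HELLO, None),       # TLS, but the proxy does not decrypt
    (443, SSH_BANNER, None),         # raw ssh on 443, no TLS at all
    (443, CLIENT_HELLO, HTTP_REQ),   # decrypted: real HTTPS
    (443, CLIENT_HELLO, SSH_BANNER), # decrypted: ssh wrapped in TLS, caught only by MitM
]


def audit(flows: List[Tuple[int, bytes, Optional[bytes]]]) -> List[str]:
    return [verdict(port, outer, inner) for port, outer, inner in flows]
```

Without decryption the third flow is waved through; only the MitM proxy's view of the inner stream separates the last two flows.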


--------------------------------------------------------------
-------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE 
The Norwich University program offers unparalleled Infosec 
management education and the case study affords you unmatched 
consulting experience. 
Tailor your education to your own professional goals with 
degree customizations including Emergency Management, 
Business Continuity Planning, Computer Emergency Response 
Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
--------------------------------------------------------------
-------------


