RE: Blocking ssl vpn connections

["Hayes, Ian" <Ian.Hayes () wynnlasvegas com>]

> -----Original Message-----
> From: David Gillett [mailto:gillettdavid () fhda edu]
> Sent: Monday, March 27, 2006 9:39 AM
> To: 'Andrew Stewart'; security-basics () securityfocus com
> Subject: RE: Blocking ssl vpn connections
>
>   You need an "SSL proxy" (as your firewall) to do this.
> Essentially it's a *authorized* "main in the middle", decrypting
> and examining the data stream.  At a minimum, it can verify that
> this traffic using port 443 really is HTTPS.  Some can also filter
> the stream for malware and illicit content as well.
>
>   [Check out Blue Coat -- I think they have a White Paper up about
> the things that their boxes can offer.]

I've used them before. I thought I was rather clever tunneling SSH
traffic out through an SSL wrapper to my server at home, but apparently
the guys running the box saw something that didn't look quite right. But
what really sucked was that none of us could figure out how to block it
with the Bluecoat. Their instructions seemed really focused on blocking
tunneled traffic that came from httptunnel. I was using something else
that seemed to completely baffle the Bluecoat, but at least it was being
detected.

Ian Hayes | Senior Systems Engineer
Wynn Las Vegas
3131 South Las Vegas Blvd, Las Vegas, NV 89109
Ph (702) 770-3252 | Cell (702) 266-6002
Ian.hayes () wynnlasvegas com


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------