Educause Security Discussion mailing list archives
Re: Ports/applications permitted for Guest Access
From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Fri, 16 Sep 2011 17:32:23 -0400
On Sun, Sep 11, 2011 at 1:11 PM, Dave Koontz <dkoontz () mbc edu> wrote:
> As you've discovered, port based firewalls are no longer adequate in today's world. Any application can disguise itself as web traffic (http or https), and many "bad" things do.

I'm curious. For those of you with a Palo Alto or Fortinet or any of the other "we can block by protocol" firewalls, do you allow outbound SSH and HTTPS? If so, have you been able to successfully detect and stop someone from connecting to <an otherwise blocked site> or running <some arbitrarily blocked protocol> when they proxy through an SSH tunnel to an off-campus intermediate/Bastion host?

If you allow outbound SSL VPNs (I'm thinking specifically of OpenVPN), have you been able to detect connections to blocked sites or usage of a blocked protocol when it goes through the SSL tunnel?

kmw

--
Kevin Wilcox GPEN, GCIH
Network Infrastructure and Control Systems
Appalachian State University
Email: wilcoxkm () appstate edu
Office: 828.262.6259