Security Basics mailing list archives
Re: Avoiding tunnels
From: Javier Hijas <jhijas () germinus com>
Date: Thu, 02 Mar 2006 12:50:49 +0100
Thanks all,

It's clear that to inspect the HTTP protocol I need an application-level firewall. I know about netfilter add-ons and commercial firewalls like ISA and Checkpoint (with "application intelligence" ;-) implementing this OSI-level inspection, but I see no way to check SSL traffic: opening navigation traffic for users means opening at least ports 80 and 443. I can open an SSH tunnel through port 443 even with "SSL inspection".

Do access lists have no reason to be implemented when you deal with "shrewd" users?

Ansgar -59cobalt- Wiechers wrote:
> On 2006-02-28 Javier Hijas wrote:
>> I wonder if there is a way to avoid tunnels via fw (e.g. netfilter). How can I control that an opened port 80 is not used to tunnel to an SSH server listening at port 80?
>
> You need to filter on layer 7 instead of layer 3/4, e.g. by proxying the traffic.
>
> Regards
> Ansgar Wiechers
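
Added example, not part of the original thread: a sketch of the layer 7 check the quoted reply recommends, classifying a connection by its first payload bytes instead of its destination port. The port policy, function names and sample payloads are assumptions constructed for illustration.

```python
import re

# Signatures of the first client bytes, independent of the TCP port in use.
HTTP_REQUEST = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT) \S+ HTTP/1\.[01]\r\n"
)
SSH_BANNER = re.compile(rb"^SSH-\d+\.\d+-")  # RFC 4253 identification string

# Assumed policy: which application protocol each open port may carry.
EXPECTED = {80: {"http"}, 443: {"tls"}}


def classify_first_bytes(payload: bytes) -> str:
    """Name the protocol that the first bytes of a TCP stream belong to."""
    if SSH_BANNER.match(payload):
        return "ssh"
    if HTTP_REQUEST.match(payload):
        return "http"
    # SSLv3/TLS record: type 0x16 (handshake), major version 0x03,
    # and the handshake message type at offset 5 is 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        return "tls"
    return "unknown"


def verdict(dst_port: int, payload: bytes) -> str:
    """Compare what the stream is with what the port is opened for."""
    allowed = EXPECTED.get(dst_port)
    if allowed is None:
        return "no-policy"
    proto = classify_first_bytes(payload)
    if proto in allowed:
        return "allow"
    return f"block ({proto} on port {dst_port})"


# Constructed sample payloads (not captured traffic).
SAMPLES = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    (80, b"SSH-2.0-OpenSSH_4.3\r\n"),
    (443, bytes.fromhex("160301002f0100002b0301") + b"\x00" * 8),
    (443, b"SSH-2.0-OpenSSH_4.3\r\n"),
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(port, classify_first_bytes(data), "->", verdict(port, data))
```

A stream that is SSL/TLS on the outside classifies as `tls` whatever it carries, so this check covers plain SSH on ports 80 and 443 but not the wrapped case raised in the message above.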