Security Basics mailing list archives

RE: Avoiding tunnels


From: rembrandt () jpberlin de
Date: Fri, 3 Mar 2006 03:32:32 +0100 (CET)


Javier,

You would need to use an application level firewall.
MS ISA 2004 is very good at this.

You can be as granular as you wish, allowing only select mime types,
HTTP commands, packet length, etc.

http://www.microsoft.com/isaserver/default.mspx

http://www.isaserver.org/  -- This is a very useful place for MS ISA
tips.

I am also more than happy to guide you too.



Tony

This could be illegal under the law.
It's a gray zone in Europe, and I think also in other parts of the world,
because by using such methods you would theoretically be able to watch
the traffic which tried to get transferred via tunnels (e.g. SSL).

If I understood German laws correctly, you have to inform the people in your
company about this (not just via mail; a pinboard with a printout) and
you have to have your actions verified by members of the labor union (or shop
committee).

I would highly recommend that you have all your actions confirmed by the CEO.
Otherwise you could get in trouble if you simply install such a
filter mechanism and don't inform anybody.
Maybe it's even illegal in your country. But this is something I don't know.

Keeping absolutely NO logs on the ISA Server is something you may have to
do as well. This must (maybe) even be verified regularly by the shop
committee.


Rembrandt

p.s.
Squid could be used to avoid HTTP-Tunnels too.
If this is the only tunneling you care for (except for SSH/SSL/ICMP/DNS..)
-- 
Don't buy anything from YeongYang.
Their computer cases are expensive, their WTX power supplies start burning and
their support refuses any RMA even if there's still some warranty.

