Security Basics mailing list archives
RE: Avoiding tunnels
From: rembrandt () jpberlin de
Date: Fri, 3 Mar 2006 03:32:32 +0100 (CET)
Javier,

You would need to use an application level firewall. MS ISA 2004 is very good at this. You can be as granular as you wish, allowing only select mime types, HTTP commands, packet length, etc.

http://www.microsoft.com/isaserver/default.mspx
http://www.isaserver.org/ -- This is a very useful place for MS ISA tips.

I am also more than happy to guide you too.

Tony

This could be illegal under the law. It's a gray zone in Europe, and I think also in other parts of the world, because by using such methods you would theoretically be able to watch the traffic which was being transferred via tunnels (e.g. SSL).

If I understood German law correctly, you have to inform the people in your company about this (not just via mail, a pinboard with a printout) and you have to have your actions verified by members of the labor union (or shop committee).

I would highly recommend that you have all your actions confirmed by the CEO. Otherwise you could get in trouble if you simply install such a filter mechanism and don't inform anybody. Maybe it's even illegal in your country. But this is something I don't know.

Keeping absolutely NO logs on the ISA Server is something you may also have to do. This must (maybe) even be verified regularly by the shop committee.

Rembrandt

P.S. Squid could be used to avoid HTTP tunnels too, if this is the only tunneling you care about (except for SSH/SSL/ICMP/DNS..)

--
Don't buy anything from YeongYang. Their computer cases are expensive, their WTX power supplies start burning and their support refuses any RMA even if there's still some warranty.