Security Basics mailing list archives
Re: MobileMe
From: "Kurt Buff" <kurt.buff () gmail com>
Date: Tue, 23 Sep 2008 09:41:01 -0700
On Fri, Sep 19, 2008 at 10:45 AM, Tremaine Lea <tremaine () gmail com> wrote:
If just using a firewall, I'd recommend blocking outbound TCP on 80 and 443 to www.me.com, me.com, mac.com, www.mac.com and auth.me.com Breaking access to auth.me.com is the key here, as it will prevent them from authenticating. If you have a content filter capable of handling ssl, I'd create a blocked webmail category and adding those domains to it with a useful block message to point users to company policy about why they are not permitted access. For this to be reasonably successful, it also depends on you having good egress filtering in place to prevent someone from simply ssh'ing to a system outside and launching a browser that way, or using a proxy of some kind. Good luck.
If you're going to do that, it's even easier, assuming you have the authority and means to do so, to put up a new zone on your internal DNS for me.com, and put in a wildcard A record that points to 127.0.0.1. That'll stop most of it right there, without your firewall having to either resolve it itself, or you having to find and block all of the IP addresses the service uses.
Current thread:
- Security Basics Exercise - How do you know? Ryan Greenier (Sep 11)
- RE: Security Basics Exercise - How do you know? David Gillett (Sep 12)
- Re: Security Basics Exercise - How do you know? ॐ aditya mukadam ॐ (Sep 12)
- Re: Security Basics Exercise - How do you know? Meenal Mukadam (Sep 16)
- MobileMe Krzyston, Randy (Sep 18)
- Re: MobileMe Phil Holbrook (Sep 19)
- Re: MobileMe Xelman (Sep 19)
- Re: MobileMe Tremaine Lea (Sep 22)
- Re: MobileMe Kurt Buff (Sep 23)
- Re: MobileMe Tremaine Lea (Sep 23)
- Re: Security Basics Exercise - How do you know? Meenal Mukadam (Sep 16)
- <Possible follow-ups>
- Re: Security Basics Exercise - How do you know? krymson (Sep 14)
- Re: Security Basics Exercise - How do you know? alexander . bolante (Sep 18)