Security Basics mailing list archives

Re: MobileMe


From: "Kurt Buff" <kurt.buff () gmail com>
Date: Tue, 23 Sep 2008 09:41:01 -0700

On Fri, Sep 19, 2008 at 10:45 AM, Tremaine Lea <tremaine () gmail com> wrote:
> If just using a firewall, I'd recommend blocking outbound TCP on 80 and
> 443 to www.me.com, me.com, mac.com, www.mac.com and auth.me.com
>
> Breaking access to auth.me.com is the key here, as it will prevent them
> from authenticating.
>
> If you have a content filter capable of handling ssl, I'd create a
> blocked webmail category and add those domains to it with a useful
> block message to point users to company policy about why they are not
> permitted access.
>
> For this to be reasonably successful, it also depends on you having good
> egress filtering in place to prevent someone from simply ssh'ing to a
> system outside and launching a browser that way, or using a proxy of
> some kind.
>
> Good luck.

If you're going to do that, it's even easier, assuming you have the
authority and means to do so, to put up a new zone on your internal
DNS for me.com, and put in a wildcard A record that points to
127.0.0.1.

That'll stop most of it right there, without your firewall having to
either resolve it itself, or you having to find and block all of the
IP addresses the service uses.
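The internal-DNS approach described above, written out as a BIND 9 configuration. This is an added example, not something either poster supplied: the zone stanzas, the file path, and the name server and hostmaster names (`ns1.internal.example`, `hostmaster.internal.example`) are placeholders to be replaced with your own. One detail worth noting: a wildcard record does not match the zone apex, so the bare `me.com` that the earlier message lists needs its own explicit A record alongside the `*`.

```bind
; --- named.conf (or named.conf.local) ---
; Declare the sinkholed zones on the internal resolver. Because the zone
; file below uses "@" for the origin, one file serves both domains.
zone "me.com" IN {
    type master;
    file "/etc/bind/zones/db.sinkhole";   ; placeholder path
};

zone "mac.com" IN {
    type master;
    file "/etc/bind/zones/db.sinkhole";   ; placeholder path
};

; --- /etc/bind/zones/db.sinkhole ---
$TTL 300                                ; short TTL so the block can be reverted quickly
@   IN  SOA ns1.internal.example. hostmaster.internal.example. (
            2008092301  ; serial (constructed)
            3600        ; refresh
            900         ; retry
            604800      ; expire
            300 )       ; negative-cache TTL
@   IN  NS  ns1.internal.example.       ; placeholder: your internal name server

; The apex (me.com / mac.com itself) is NOT matched by the wildcard,
; so it gets an explicit record.
@   IN  A   127.0.0.1

; Everything else in the zone: www, auth, and any name not listed above.
*   IN  A   127.0.0.1
```

After reloading named, `dig auth.me.com @<internal resolver>` and `dig me.com @<internal resolver>` should both return 127.0.0.1. The technique only holds if clients actually use the internal resolver, so it pairs with the egress filtering mentioned earlier in the thread: outbound UDP and TCP 53 to anything other than your own resolvers should be blocked, otherwise a user can simply point at an external DNS server and bypass the sinkhole.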

