Security Basics mailing list archives
RE: Preventing tunnels through HTTPS proxies
From: "Erik Soosalu" <eriks () nationalfastfreight com>
Date: Wed, 17 Jun 2009 14:27:50 -0400
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Mariusz Kruk
Sent: Wednesday, June 17, 2009 10:32 AM
To: security-basics () securityfocus com
Subject: Re: Preventing tunnels through HTTPS proxies

> On Wed, 2009-06-17 at 12:48 +1200, Michal Ludvig wrote:
> > I wonder how to prevent these abuses? Clearly the traffic pattern for a
> > VPN will be distinguishable from genuine HTTPS traffic - but how to
> > detect it? Alternatively playing a man-in-the-middle on the proxy,
> > decrypting all the traffic, inspecting that it's indeed HTTP and
> > encrypting back with a key signed by a private CA that all the desktops
> > in the corporation would trust may be another option. Any other ideas?
>
> You know, of course, that HTTPS was made so such tampering would be made
> impossible, right? How would you want to re-encrypt the traffic _with
> original server's private key_? It's not only the matter of trusting the
> CA, but also the matter of the stuff in SSL certificate matching the
> actual server parameters.

Read his paragraph again - he talks about re-encrypting the traffic with a Private CA. In an MS environment, this would be easy to push out the private cert via GPO.

There are appliances that do break the HTTPS stream as proposed. I have one sitting in my rack.

The question is: are you trying to block staff access out or other access out? With monitoring you can figure out where they went and then deal with it in an HR fashion.
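Added example (not part of the original message, and not code from any poster in this thread): one way to do the monitoring mentioned above is to review the proxy's CONNECT log entries for tunnels that stay open unusually long, carry unusually much data, or target ports other than 443. The Squid native access.log layout, the thresholds and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed policy thresholds; tune them against a baseline of your own traffic.
MAX_SECONDS = 1800            # a single CONNECT held open for more than 30 minutes
MAX_BYTES = 200 * 1024**2     # more than 200 MiB delivered through one CONNECT
ALLOWED_PORTS = {"443"}       # ports the proxy is expected to tunnel to

# Constructed sample in Squid's native access.log layout (an assumption):
# time elapsed_ms client action/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1245249001.120 850 10.0.0.21 TCP_MISS/200 18432 CONNECT www.example.com:443 - DIRECT/192.0.2.10 -
1245249050.480 7200000 10.0.0.37 TCP_MISS/200 734003200 CONNECT host.example.net:443 - DIRECT/192.0.2.77 -
1245249100.300 120 10.0.0.21 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
1245249200.900 95000 10.0.0.44 TCP_MISS/200 20480 CONNECT host.example.org:22 - DIRECT/192.0.2.90 -
1245249300.010 120000 10.0.0.21 TCP_MISS/200 5242880 CONNECT mail.example.com:443 - DIRECT/192.0.2.25 -
"""

def parse_connects(text):
    """Yield (client, host, port, seconds, bytes) for each CONNECT entry."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or f[5] != "CONNECT":
            continue  # skip plain HTTP requests and malformed lines
        host, _, port = f[6].rpartition(":")
        yield f[2], host, port, int(f[1]) / 1000.0, int(f[4])

def flag_tunnels(text):
    """Return {(client, destination): sorted reasons} for CONNECTs worth a look."""
    findings = defaultdict(set)
    for client, host, port, secs, size in parse_connects(text):
        key = (client, f"{host}:{port}")
        if port not in ALLOWED_PORTS:
            findings[key].add("non-standard port")
        if secs > MAX_SECONDS:
            findings[key].add("long-lived")
        if size > MAX_BYTES:
            findings[key].add("high volume")
    return {k: sorted(v) for k, v in findings.items()}

if __name__ == "__main__":
    for (client, dest), reasons in sorted(flag_tunnels(SAMPLE_LOG).items()):
        print(f"{client} -> {dest}: {', '.join(reasons)}")
```

A flagged entry is a lead for follow-up, not proof of a tunnel: large downloads and long-polling web applications can trip the same thresholds.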