Educause Security Discussion mailing list archives

Re: Ports/applications permitted for Guest Access (deep packet inspection)

From: Barron Hulver <Barron.Hulver () OBERLIN EDU>
Date: Sun, 11 Sep 2011 16:00:36 -0400

I'm not doing deep application inspection yet, but that is where I wantto go. (I think the whole industry is going that direction.) I've beenwatching the next-gen firewall space and talking to others since Iattended the Internet-2 Joint Techs conference in the summer of 2009.On Thursday I received a Palo Alto next-generation firewall for evaluation.



Barron

Barron Hulver
Director of Networking, Operations, and Systems
Center for Information Technology
Oberlin College
148 West College Street
Oberlin, OH  44074
http://www2.oberlin.edu/staff/bhulver/






On 9/11/11 10:39 AM, Robert Lau wrote:

Is anybody doing protocol/application inspection?  Once ports 80/443/22/etc are allowed, an app can pump any data 
through; it does not have to be http/https/ssh/etc.  In olden days, this would probably only be done by a clueful user, 
but many applications do this automatically now specifically to handle port restrictions.

-robert

Current thread:

Re: Ports/applications permitted for Guest Access, (continued)
- Re: Ports/applications permitted for Guest Access Kevin Wilcox (Sep 09)
  - Re: Ports/applications permitted for Guest Access Derek Diget (Sep 09)
- Re: Ports/applications permitted for Guest Access Rowe, Ken (Sep 09)
  - Re: Ports/applications permitted for Guest Access Robert Lau (Sep 11)
    - Re: Ports/applications permitted for Guest Access Dave Koontz (Sep 11)
    - Re: Ports/applications permitted for Guest Access Shannon Roddy (Sep 11)
    - Re: Ports/applications permitted for Guest Access Valdis Kletnieks (Sep 11)
    - Re: Ports/applications permitted for Guest Access David Gillett (Sep 12)
    - Re: Ports/applications permitted for Guest Access Robert Lau (Sep 11)
    - Re: Ports/applications permitted for Guest Access Kevin Wilcox (Sep 16)
    - Re: Ports/applications permitted for Guest Access (deep packet inspection) Barron Hulver (Sep 11)
- Re: Ports/applications permitted for Guest Access Roger A Safian (Sep 16)
  - Re: Ports/applications permitted for Guest Access Matthew Gracie (Sep 19)
  - Re: Ports/applications permitted for Guest Access Ed Zawacki (Sep 20)
    - Re: Ports/applications permitted for Guest Access Roger A Safian (Sep 20)
- Re: Ports/applications permitted for Guest Access Roger A Safian (Sep 19)
- Re: Ports/applications permitted for Guest Access Gioia, Matthew P. (Sep 12)
- FW: Ports/applications permitted for Guest Access Boyd, Daniel (Sep 19)