Educause Security Discussion mailing list archives

Re: Ports/applications permitted for Guest Access


From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Fri, 16 Sep 2011 17:32:23 -0400

On Sun, Sep 11, 2011 at 1:11 PM, Dave Koontz <dkoontz () mbc edu> wrote:

> As you've discovered, port based firewalls are no longer adequate in today's
> world.  Any application can disguise itself as web traffic (http or https),
> and many "bad" things do.

I'm curious.

For those of you with a Palo Alto or Fortinet or any of the other "we
can block by protocol" firewalls, do you allow outbound SSH and HTTPS?
If so, have you been able to successfully detect and stop someone from
connecting to <an otherwise blocked site> or running <some arbitrarily
blocked protocol> when they proxy through an SSH tunnel to an
off-campus intermediate/Bastion host? If you allow outbound SSL VPNs
(I'm thinking specifically of OpenVPN), have you been able to detect
connections to blocked sites or usage of a blocked protocol when it
goes through the SSL tunnel?

kmw

-- 
Kevin Wilcox GPEN, GCIH
Network Infrastructure and Control Systems
Appalachian State University
Email: wilcoxkm () appstate edu
Office: 828.262.6259
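
The detection question above, as an added example that is not part of the list post: since a firewall cannot read inside an SSH or SSL tunnel, one defender-side approach is to look only at flow metadata (duration, bytes in each direction, destination) exported by a NetFlow/IPFIX collector and flag encrypted sessions that behave like proxies rather than interactive logins or single page fetches. The campus address range, the port list, the thresholds and the sample flows are all assumptions constructed for the example.

```python
"""Flow-metadata heuristic for long-lived, high-volume SSH/SSL sessions.

Constructed example; thresholds and addresses are illustrative assumptions,
not vendor defaults or real traffic.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

CAMPUS_NET = ip_network("10.0.0.0/8")            # assumed campus address space
TUNNEL_PORTS = {22: "ssh", 443: "tls", 1194: "openvpn"}  # assumed tunnel-capable ports
MIN_DURATION_S = 600                              # session longer than 10 minutes
MIN_BYTES_EACH_WAY = 5_000_000                    # sustained traffic in both directions


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    duration_s: int
    bytes_out: int   # client -> server
    bytes_in: int    # server -> client


def looks_like_tunnel(f: Flow) -> bool:
    """True when an encrypted session to an off-campus host is long-lived and
    carries heavy traffic both ways, which an interactive SSH login or a single
    HTTPS download normally does not. Cannot tell OpenVPN-on-443 from HTTPS."""
    if f.dport not in TUNNEL_PORTS:
        return False
    if ip_address(f.dst) in CAMPUS_NET:           # internal destination: out of scope
        return False
    return (f.duration_s >= MIN_DURATION_S
            and f.bytes_out >= MIN_BYTES_EACH_WAY
            and f.bytes_in >= MIN_BYTES_EACH_WAY)


def flag_tunnels(flows):
    return [(f.src, f.dst, TUNNEL_PORTS[f.dport]) for f in flows if looks_like_tunnel(f)]


# Constructed sample flow records (not real data).
SAMPLE_FLOWS = [
    Flow("10.1.2.3", "198.51.100.7", 22, 45, 12_000, 80_000),              # short interactive ssh
    Flow("10.1.2.3", "198.51.100.7", 22, 7200, 40_000_000, 900_000_000),   # long, heavy both ways
    Flow("10.1.2.9", "10.5.5.5", 22, 7200, 60_000_000, 60_000_000),         # campus-internal
    Flow("10.1.2.4", "203.0.113.20", 443, 30, 3_000, 2_000_000),            # one large https fetch
    Flow("10.1.2.5", "203.0.113.21", 1194, 3600, 9_000_000, 300_000_000),   # long openvpn session
]

if __name__ == "__main__":
    for hit in flag_tunnels(SAMPLE_FLOWS):
        print("possible tunnel:", hit)
```

This only narrows down candidates for review; it says nothing about what passes through the tunnel, which is the limitation the question is really about.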

