Firewall Wizards mailing list archives

Re: httport 3snf


From: "Ryan M. Ferris" <rferris () rmfdevelopment com>
Date: Mon, 21 Oct 2002 13:32:09 -0700

I think some of the suggestions here are useful, but I don't think the scope
of the problem is being broadly examined.

Desktop policies on many college campuses are more difficult to implement
than in corporate environments - more users and much, much less staff.
Usually the campus requires their 10 - 30 K user population to provide their
own laptop and just enables a dorm room port on request. Of course many
other policies are available, but for a typical campus environment assume
that a user can and will have root/admin access on two boxes - on both sides
of the firewall.

The SSL proxy sounds like an excellent idea but not all these firewall
evasion utilities require SSL/Connect.

Are there application layer routers that can deny all SSL except for MAC
addresses or IPs on an approved ACL? I know this could be a nightmare to
enforce, but I think we may be getting to the point where networks only
approve certain IP addresses for SSL/connect?

Check out some of the other tools that are being used for firewall evasion
across college campuses. I think you will find Robert's problem is more
strategic than it appears:

http://www.slyck.com/forums/viewtopic.php?p=1370
http://www.totalrc.net/s2h/index.html
http://www.totalrc.net/s2h/faq.html#http_proxy

Ryan M. Ferris
rferris () rmfdevelopment com
