Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Prohibiting SSL VPNs

From: "Desai, Ashish" <Ashish.Desai () fmr com>
Date: Fri, 21 May 2004 15:19:41 -0400

You would have to disable the "CONNECT" http verb in your
web proxy. This will also disable all SSL access to legitimate web
sites.

The other option is to have your web proxy timeout SSL connections after

a certain time. Not sure if this be enough to break(hamper) SSL VPN's.

Ashish

-----Original Message-----
From: John Kougoulos [mailto:koug () intranet gr] 
Sent: Thursday, May 20, 2004 6:41 AM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Prohibiting SSL VPNs



Hello all,

Does anybody have any ideas on how I could prohibit the usage of SSL
VPNs
like the one offered by F5 (Firepass), since this requires only the
ability for the client to make an https connection (bypassing any kind
of
firewall/proxy)? Since this product (or any similar) creates some kind
of
PPP connection over https, installs routes on the PC etc. it will create
a
lot of problems. (see also: Worms, Air Gaps etc)

I know that I could possibly stop the downloading of ActiveX/Java
applets
via some kind of web filtering software but this also has a lot of
side effects, or I could use some kind of whitelist for https
connections,
but this is too difficult to manage/maintain.

Thanks,
John

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: