Firewall Wizards mailing list archives
RE: Prohibiting SSL VPNs
From: "Desai, Ashish" <Ashish.Desai () fmr com>
Date: Fri, 21 May 2004 15:19:41 -0400
You would have to disable the "CONNECT" HTTP verb in your web proxy. This will also disable all SSL access to legitimate web sites.

The other option is to have your web proxy time out SSL connections after a certain time. Not sure if this would be enough to break (hamper) SSL VPNs.

Ashish

-----Original Message-----
From: John Kougoulos [mailto:koug () intranet gr]
Sent: Thursday, May 20, 2004 6:41 AM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Prohibiting SSL VPNs

Hello all,

Does anybody have any ideas on how I could prohibit the usage of SSL VPNs like the one offered by F5 (Firepass), since this requires only the ability for the client to make an https connection (bypassing any kind of firewall/proxy)?

Since this product (or any similar) creates some kind of PPP connection over https, installs routes on the PC etc., it will create a lot of problems. (See also: Worms, Air Gaps etc.)

I know that I could possibly stop the downloading of ActiveX/Java applets via some kind of web filtering software, but this also has a lot of side effects, or I could use some kind of whitelist for https connections, but this is too difficult to manage/maintain.

Thanks,
John

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards