Home page logo

basics logo Security Basics mailing list archives

RE: Blocking ssl vpn connections
From: "Hayes, Ian" <Ian.Hayes () wynnlasvegas com>
Date: Mon, 27 Mar 2006 15:28:43 -0800

-----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu]
Sent: Monday, March 27, 2006 9:39 AM
To: 'Andrew Stewart'; security-basics () securityfocus com
Subject: RE: Blocking ssl vpn connections

  You need an "SSL proxy" (as your firewall) to do this.
Essentially it's a *authorized* "main in the middle", decrypting
and examining the data stream.  At a minimum, it can verify that
this traffic using port 443 really is HTTPS.  Some can also filter
the stream for malware and illicit content as well.

  [Check out Blue Coat -- I think they have a White Paper up about
the things that their boxes can offer.]

I've used them before. I thought I was rather clever tunneling SSH
traffic out through an SSL wrapper to my server at home, but apparently
the guys running the box saw something that didn't look quite right. But
what really sucked was that none of us could figure out how to block it
with the Bluecoat. Their instructions seemed really focused on blocking
tunneled traffic that came from httptunnel. I was using something else
that seemed to completely baffle the Bluecoat, but at least it was being

Ian Hayes | Senior Systems Engineer
Wynn Las Vegas
3131 South Las Vegas Blvd, Las Vegas, NV 89109
Ph (702) 770-3252 | Cell (702) 266-6002
Ian.hayes () wynnlasvegas com

The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]