On Mon, 25 Jan 1999, Pavlichek, Doris (GEIS, GE Capital Consulting) wrote:
> Question: If users get around a RealAudio port block on a Gauntlet firewall
> by telling their browser to use port 80 for RealAudio, is there any way for

If it's the RA client over HTTP, and not a browser, you should be able to
block the client's browser ID string (at least you can in the fwtk with
patches; you'll have to check with TIS about specifics in the commercial
product.)

> the firewall administrator to then block RealAudio without blocking all
> internet access? Locking out specific user IPs in order to enforce policy
> is impossible. He's in a military environment and that would not fly.
If it's a written policy, it's the job of the individual's immediate
supervisor to talk to them about violating policy. *Anything* should be
acceptable to enforce policy should the user remain uncooperative in
*any* environment, including removal of the user from said environment.
There's not much point in having a policy if you can't enforce it.

*Anything* can be tunneled over HTTP, SMTP, DNS, or any other protocol.
Expecting a firewall to take care of tunneling is a little more trusting
than the technology is capable of, since you're now at a content issue.
You allow HTTP, the Real Audio server is sending RA over HTTP, the
firewall is doing its job. Protocol tunneling is one reason that
firewalls aren't magic bullets. Have a strong policy about what is
permitted (client versions, content, usage, authentication, etc.), and
back that policy with the ability to enforce it. Anything else is
tilting at windmills, no matter what firewall product you have.

If a user is violating policy, take action, and make sure they know not
to do it. If they continue, remove them from the network.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
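The reply's suggestion is to block the streaming client by its browser ID (User-Agent) string at the HTTP proxy rather than by port, since the tunnelled traffic is indistinguishable from web traffic at the port level. The following is an added example written for this thread; it is not code from the post, from the fwtk http-gw, or from Gauntlet. It parses an HTTP request head the way a proxy would, looks up the User-Agent case-insensitively, and returns a block/allow verdict. The deny patterns (`RMA/`, `RealPlayer`) and all sample requests are constructed for illustration, not verified RealAudio identifiers, and the example also shows the limit the reply points at: a client that simply omits its ID string passes the filter, so the decision is only flagged for logging and the rest has to be policy.

```python
"""Added example: User-Agent based filtering of an HTTP-tunnelled streaming
client at a proxy, as suggested in the reply.  Illustrative code, not fwtk
or Gauntlet code.  The client identifier patterns below are constructed
assumptions, not verified RealAudio strings."""
import re
from typing import Dict, List, Optional, Tuple

# Assumed client identifiers to deny (constructed for this example; a real
# deployment would take them from proxy logs of the client actually in use).
DENIED_AGENT_PATTERNS = [
    re.compile(r"^RMA/", re.IGNORECASE),        # hypothetical RealAudio client ID
    re.compile(r"RealPlayer", re.IGNORECASE),   # hypothetical alternate ID
]


def parse_request_head(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Parse an HTTP/1.x request head into (method, target, headers).
    Header names are lower-cased so lookups are case-insensitive, as the
    HTTP spec requires.  Raises ValueError on a malformed request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line: %r" % lines[0])
    method, target, _version = parts
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header: %r" % line)
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def decide(raw: bytes,
           patterns: Optional[List["re.Pattern"]] = None) -> Tuple[str, str]:
    """Return ("allow" | "block", reason).

    Policy: block if the User-Agent matches a denied pattern; block anything
    the proxy cannot parse.  A request with no User-Agent is allowed but the
    reason says so, because a client that hides its ID is the obvious next
    evasion and that needs a policy answer, not a filter answer."""
    pats = DENIED_AGENT_PATTERNS if patterns is None else patterns
    try:
        _method, _target, headers = parse_request_head(raw)
    except ValueError as exc:
        return "block", "unparseable request: %s" % exc
    agent = headers.get("user-agent")
    if agent is None:
        return "allow", "no User-Agent header (log for review)"
    for pat in pats:
        if pat.search(agent):
            return "block", "denied client %r by pattern %r" % (agent, pat.pattern)
    return "allow", "client %r not on deny list" % agent


# Constructed sample requests (not captured traffic).
BROWSER_REQ = (b"GET /news/index.html HTTP/1.0\r\n"
               b"Host: www.example.com\r\n"
               b"User-Agent: Mozilla/4.0 (constructed browser)\r\n\r\n")
STREAM_REQ = (b"GET /stream.ra HTTP/1.0\r\n"
              b"Host: audio.example.com\r\n"
              b"user-agent: RMA/1.0 (constructed RealAudio client)\r\n\r\n")
NO_UA_REQ = b"GET / HTTP/1.0\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("browser", BROWSER_REQ), ("stream", STREAM_REQ),
                      ("no-ua", NO_UA_REQ)]:
        verdict, why = decide(req)
        print("%-8s %-5s %s" % (name, verdict, why))
```

The header lookup is done on lower-cased names on purpose: a client that sends `user-agent:` instead of `User-Agent:` is still the same client, and a filter that compares header names case-sensitively is trivially bypassed. The "no User-Agent" branch is where this kind of filter stops being a technical control, which is the reply's point about backing the filter with an enforced policy.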
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]