Guy,

Both of your comments point toward the need for a new class of software: either a firewall add-on or new client probing. See my other post (right before this one) where I propose that a "detection engine" like ZoneAlarm's could be used to check an outbound server against an "authorization server" _before_ the firewall allows outbound traffic.

If an outside company sells you a "netnanny" (censoring at server level) list, you don't have to spend the time developing one. Or if an outside company sells you a "scanning signature" -- you don't have to develop one (detecting at client).

As you basically allow outbound data on port 80 to anywhere, like most (all) of us do -- you are open to any program sending undesired data out to port 80.

We have solved the inbound problem (mostly), outbound is next...

Stephen Gutknecht
Renton, Washington

-----Original Message-----
From: elvene [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 13, 2000 7:39 AM
To: [EMAIL PROTECTED]
Subject: Re: [firewalls] Digest Number 388

> Date: Tue, 12 Dec 2000 22:38:37 -0800
> From: "Stephen Gutknecht (firewalls)" <[EMAIL PROTECTED]>
> Subject: Undesired outbound data "leaking" - the next frontier?
> ....
> Solutions I can see off the top of my head:
>
> 1) Allow only outbound traffic to pre-authorized destinations and keep a
> list of only those allowable destinations on your firewall. Using "net
> nanny" (censoring) type technology for security purposes.

I could do this now, but if I did so, my entire life would be spent managing this list... My compromise is to allow HTTP, HTTPS and the streaming media ports open to everywhere, FTP only via our proxy, and all other ports/IPs restricted IB AND outbound.

> 2) Develop a list of "safe client pc programs" and some type of scanning
> technology to detect "undesired" programs.

I can kind of do this now (list part with NT), but the amount of time spent establishing what executables are allowed and which aren't, locking things to the point that my end users can't change things to run the newest widget that they downloaded and brought in from home while still being able to do the work they need to do, and the lost productivity from the inevitable side effect of restricting something that you didn't intend to... it's just not going to happen. Our operating environment changes daily - I could never keep up with it - it would take me two years to roll out a new platform.

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
RE: Undesired outbound data "leaking" - the next frontier?
Stephen Gutknecht (firewalls) Wed, 13 Dec 2000 11:17:59 -0800
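The three egress controls traded off in the exchange above (the port-based compromise from the reply, and the destination allowlist and client-program allowlist from the original post) can be put side by side as policy functions and run over a few outbound flows. This is an added example, not code from either poster or from any product named in the thread; the proxy address, port sets, destination list, program list and sample flows are all constructed assumptions, and the "program" field stands in for what a host-based agent would report about the process that opened the socket.

```python
"""Compare three outbound (egress) policies on constructed sample flows.

Added example; every address, port set, list entry and flow below is a
constructed assumption, not data from the mailing-list thread.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    program: str  # process that opened the socket, as a host agent would report it


# --- Constructed policy data (assumptions for this example) ---
FTP_PROXY = "10.0.0.5"
WEB_PORTS = {80, 443}
STREAMING_PORTS = {554, 1755}        # RTSP and MMS stand in for "streaming media ports"
ALLOWED_DESTINATIONS = [             # option 1: pre-authorised destination/port pairs
    (ip_network("198.51.100.0/24"), {80, 443}),
    (ip_network("192.0.2.0/24"), {21}),
]
ALLOWED_PROGRAMS = {"iexplore.exe", "ftp.exe", "outlook.exe"}   # option 2


def port_based_policy(f: Flow) -> bool:
    """The reply's compromise: web and streaming ports to anywhere,
    FTP only to the proxy, everything else denied."""
    if f.dport in WEB_PORTS or f.dport in STREAMING_PORTS:
        return True
    if f.dport == 21:
        return f.dst == FTP_PROXY
    return False


def destination_allowlist_policy(f: Flow) -> bool:
    """Option 1: only pre-authorised destination/port pairs may leave."""
    addr = ip_address(f.dst)
    return any(addr in net and f.dport in ports for net, ports in ALLOWED_DESTINATIONS)


def program_allowlist_policy(f: Flow) -> bool:
    """Option 2: only known-good client programs may open outbound sockets."""
    return f.program.lower() in ALLOWED_PROGRAMS


POLICIES = {
    "port-based": port_based_policy,
    "dest-allowlist": destination_allowlist_policy,
    "program-allowlist": program_allowlist_policy,
}


def evaluate(flows):
    """Per flow, a dict of policy name -> whether that policy permits it."""
    return [{name: policy(f) for name, policy in POLICIES.items()} for f in flows]


def leaks(flows):
    """Flows the port-based policy lets out that at least one allowlist policy
    would have stopped: the 'undesired outbound data' the thread worries about."""
    return [f for f, verdict in zip(flows, evaluate(flows))
            if verdict["port-based"]
            and not (verdict["dest-allowlist"] and verdict["program-allowlist"])]


# Constructed sample flows from one workstation
SAMPLE_FLOWS = [
    Flow("10.0.1.20", "198.51.100.10", 80, "iexplore.exe"),   # ordinary browsing
    Flow("10.0.1.20", "203.0.113.7", 80, "widget.exe"),       # unknown program, unknown host, port 80
    Flow("10.0.1.20", "192.0.2.9", 21, "ftp.exe"),            # FTP direct to the Internet, bypassing the proxy
    Flow("10.0.1.20", "203.0.113.7", 6667, "widget.exe"),     # non-web port from the same program
]

if __name__ == "__main__":
    for f, verdict in zip(SAMPLE_FLOWS, evaluate(SAMPLE_FLOWS)):
        print(f"{f.program:13s} -> {f.dst}:{f.dport:<5d} "
              + "  ".join(f"{k}={'allow' if v else 'deny'}" for k, v in verdict.items()))
    print("leaks past the port-based policy:", [(f.program, f.dst) for f in leaks(SAMPLE_FLOWS)])
```

Running it shows the point the post makes: the port-80 flow from the unknown program passes the port-based policy and is only caught by a destination or program allowlist, while the direct FTP connection is stopped by the port-based rule but would be accepted by a destination list that happens to include that network. The two allowlists are the lists the reply says it cannot afford to maintain, so the cost sits in keeping `ALLOWED_DESTINATIONS` and `ALLOWED_PROGRAMS` current, not in the evaluation itself.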