Beker Eli wrote:
>
> How do I know the http/https/ssh outbound traffic I allow on my
> corporate gateways is not used by p2p applications?
> For Trojans/worms using those ports, we usually use a good antivirus.
> Do we have something similar to catch all those commercial and
> other apps using well-known ports to send their traffic stealthily?
> Do we need the IDS to recognize them? Like it knows backdoors...

Once this stuff starts using https or ssh, we're all in a boatload of trouble without desktop configuration control unless we want to restrict traffic to particular hosts.

The only way out of that that I can think of is an SSL proxy-like device through which all https sessions must travel so you can do IDS/firewalling/content management on the inside... assuming you trust the inside and all your web sites trust the SSL proxy. :)

Back to square one... maintain the computers.

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe
_______________________________________________
ISSForum mailing list
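A gateway-side check related to the question in this thread, as an added example that is not part of the original messages: it classifies the first client bytes of an outbound flow and flags flows whose protocol does not match the allowed well-known port. The port policy, function names and sample payloads are constructed for illustration; as the reply points out, an application that really speaks TLS or SSH passes this check, so it only catches traffic that borrows the port without the protocol.

```python
import re

# Assumed outbound policy: the protocol expected on each allowed port.
EXPECTED = {80: "http", 443: "tls", 22: "ssh"}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"TRACE ", b"PATCH ")
SSH_BANNER = re.compile(rb"^SSH-\d\.\d+-[\x21-\x7e]+")


def classify(payload: bytes) -> str:
    """Guess the protocol from the first client-to-server bytes of a flow."""
    if payload.startswith(HTTP_METHODS):
        # A genuine request line ends with an HTTP version token.
        first_line = payload.split(b"\r\n", 1)[0]
        if re.search(rb" HTTP/\d\.\d$", first_line):
            return "http"
    if SSH_BANNER.match(payload):
        return "ssh"
    # TLS record header: type 0x16 (handshake), major version 3, and the
    # handshake type at offset 5 is 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] == 0x01):
        return "tls"
    return "unknown"


def check_flow(dst_port: int, payload: bytes) -> str:
    """Return 'ok', 'mismatch' or 'unmonitored' for one outbound flow."""
    expected = EXPECTED.get(dst_port)
    if expected is None:
        return "unmonitored"
    return "ok" if classify(payload) == expected else "mismatch"


# Constructed sample flows: (destination port, first payload bytes).
SAMPLES = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    (80, b"\x13BitTorrent protocol" + bytes(8)),   # p2p handshake on port 80
    (443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),  # minimal ClientHello header
    (443, b"SSH-2.0-OpenSSH_9.6\r\n"),             # ssh on the https port
    (22, b"SSH-2.0-OpenSSH_9.6\r\n"),
]


def report():
    """Verdict for each constructed sample, in order."""
    return [check_flow(port, data) for port, data in SAMPLES]


if __name__ == "__main__":
    for (port, _), verdict in zip(SAMPLES, report()):
        print(port, verdict)
```
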
