On Sat, 7 Dec 2002, Beker Eli wrote:
> how do I know the http/https/ssh outbound traffic I allow on my
> corporate gateways, is not used by p2p applications?
> others apps using well known ports to send their traffic stealthily?
> do we need the IDS to recognize them? like it know backdoors...

Not sure if this has been brought up yet, or if it is even practical in your environment, but the 1st step I would take here is to make sure my computer acceptable use policies were clear and well understood by the user base.

Now that the policy has been published and taught to the user base, from a technology enforcement level I would suggest blocking all outbound traffic from client machines and forcing acceptable traffic through well-managed application proxy servers. This doesn't completely kill off trojans, but would make it a requirement for the trojan to tunnel through an application proxy server, which could make it easier to log and manage.

Every environment is unique, so take all external advice with a grain of salt, but this approach has worked for some of my clients. :)

Robert

_______________________________________________
ISSForum mailing list
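
An added example, not part of the message above: once clients can only leave through a proxy, its access log can be reviewed for tunnels that do not look like ordinary HTTPS. The Squid native log layout, the sample lines, the port policy and the thresholds are all assumptions made for illustration.

```python
import ipaddress
# Constructed sample in Squid's native access.log layout (assumed product):
# time elapsed_ms client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1039273200.101    412 10.1.2.11 TCP_MISS/200 18234 GET http://intranet.example/index.html - DIRECT/192.0.2.10 text/html
1039273205.220   9120 10.1.2.11 TCP_MISS/200 48213 CONNECT shop.example:443 - DIRECT/192.0.2.20 -
1039273230.007  15300 10.1.2.42 TCP_MISS/200 90112 CONNECT 198.51.100.7:443 - DIRECT/198.51.100.7 -
1039273301.554 5400000 10.1.2.42 TCP_MISS/200 73400320 CONNECT files.example:443 - DIRECT/192.0.2.30 -
1039273310.900     35 10.1.2.77 TCP_DENIED/403 1480 CONNECT host.example:6346 - NONE/- text/html
this line is truncated
"""

ALLOWED_CONNECT_PORTS = {443}        # assumed policy: tunnels only to HTTPS
MAX_TUNNEL_MS = 30 * 60 * 1000       # assumed threshold: 30 minutes
MAX_TUNNEL_BYTES = 50 * 1024 * 1024  # assumed threshold: 50 MiB

def review_connect(line):
    """Return (client, target, reasons) for a suspicious CONNECT, else None."""
    f = line.split()
    if len(f) < 7 or f[5] != "CONNECT":
        return None
    try:
        host, _, port = f[6].rpartition(":")
        elapsed_ms, size, port = int(f[1]), int(f[4]), int(port)
    except ValueError:
        return None                  # malformed entry, skip it
    reasons = []
    if port not in ALLOWED_CONNECT_PORTS:
        reasons.append("non-allowed port %d" % port)
    try:
        ipaddress.ip_address(host.strip("[]"))
        reasons.append("bare IP destination")
    except ValueError:
        pass                         # destination is a hostname
    if elapsed_ms > MAX_TUNNEL_MS:
        reasons.append("long-lived tunnel")
    if size > MAX_TUNNEL_BYTES:
        reasons.append("high volume")
    if f[3].startswith("TCP_DENIED"):
        reasons.append("denied by proxy ACL")
    return (f[2], f[6], reasons) if reasons else None

def review_log(text):
    hits = (review_connect(l) for l in text.splitlines())
    return [h for h in hits if h]

if __name__ == "__main__":
    for client, target, reasons in review_log(SAMPLE_LOG):
        print(client, target, "; ".join(reasons))
```

The flagged entries are leads for follow-up with the owner of the client address, not proof of misuse; tune the thresholds to what is normal for the site.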
