This is not a new thought, you know.

If you have subscribed to the Firewall Wizards mailing list over the
past, oh, 8 or 10 years, you'll note that folks like Marcus Ranum, and
a whole host of others, have been bitching about this for a long time.

The only cure is an application proxy that actually understands the
protocols, and enforces them, and that's nearly unobtainable.

It's now down to defense in depth, and protecting every asset on the
network, if you can get away with it. Default deny and least privilege
rule. Wish I could actually implement that at $EMPLOYER as I would
prefer, though we *are* moving in that direction - just too slowly for
my taste.

Kurt

On Jan 30, 2008 5:30 PM, Carl Houseman <[EMAIL PROTECTED]> wrote:
> One starts to wonder, what's the point of outbound firewall security if
> everybody is bypassing it on port 80 or 443 to do whatever they want?
>
> Carl
>
> -----Original Message-----
> From: Ken Schaefer [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 30, 2008 8:26 PM
> To: NT System Admin Issues
>
> Subject: RE: L2TP vs. SSTP
>
> One operates at the IP layer
> One operates at the TCP layer
>
> Both use certificates for authentication and encryption.
>
> But I suppose that SSL VPN products are popular now because port 443 is seen
> as the "universal firewall bypass" port, and so setting up SSTP (or similar
> SSL VPN product) and having roaming clients be able to access your server
> may be the easiest to do.
>
> Cheers
> Ken
>
> -----Original Message-----
> From: Jim Dandy [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 31 January 2008 12:22 PM
> To: NT System Admin Issues
> Subject: L2TP vs. SSTP
>
> Windows Server 2008 is supposed to come out with Secure Socket Tunneling
> Protocol (SSTP).  Does anyone know the advantages/disadvantages of using
> this versus L2TP?  Thanks for your help.
>
> Curt
>
> ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
> ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~
>
