-----Original Message-----
From: Ben Scott [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 31 January 2008 1:57 PM
To: NT System Admin Issues
Subject: Re: L2TP vs. SSTP

On Jan 30, 2008 9:17 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
>> The only cure is an application proxy that actually understands the
>> protocols, and enforces them, and that's nearly unobtainable.
>
> It's not actually that rare. It's a Simple Matter of Programming to
> confirm that the traffic on TCP/443 actually is SSL.

I'm pretty sure just about any decent proxy will do this. But because it's so trivial to implement TLS/SSL support, just about everything that wants to tunnel over 443 will use SSL/TLS, and I think that's what Kurt was getting at.

Once the traffic is actually secured using SSL/TLS there really isn't any way, at the moment, to work out what is inside that channel. SSL/TLS is designed to be resistant to "man-in-the-middle" attacks, so unless the client co-operates, you can't look inside the traffic.

And when you have outsiders/contractors/consultants/etc on your network, you need to find alternate ways of protecting your assets - separate networks, or Rights Management or whatever.

Cheers
Ken
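As an added illustration of the two points made above (this is example code written for this page, not code from the thread or from any proxy product), here is the "confirm that the traffic on TCP/443 actually is SSL" check Ben describes: it validates the TLS record and ClientHello framing of the first bytes a client sends and extracts the SNI hostname. Everything after that handshake is opaque to the proxy, which is Ken's point. The function names and the sample streams are assumptions constructed for this example.

```python
"""
Constructed example: the "is this really TLS?" check an application proxy
can run on the first client bytes of a TCP/443 connection. It validates the
record and ClientHello framing and pulls out the SNI hostname, the only
policy-relevant plaintext a proxy sees before the channel becomes opaque.
Function names and sample inputs are assumptions made for this example.
"""
import struct

TLS_RECORD_HANDSHAKE = 0x16    # record content type: handshake
HANDSHAKE_CLIENT_HELLO = 0x01  # handshake message type: ClientHello
EXT_SERVER_NAME = 0x0000       # server_name extension (SNI)


def _verdict(is_tls, reason, version=None, sni=None):
    return {"tls": is_tls, "version": version, "sni": sni, "reason": reason}


def parse_client_hello(data: bytes) -> dict:
    """Classify the first client bytes of a connection.

    Returns 'tls' (bool), 'version' (ClientHello client_version as
    'major.minor', e.g. '3.3' for TLS 1.2), 'sni' (hostname or None) and a
    'reason' string explaining any rejection. SSLv2-style hellos, which start
    with a length byte >= 0x80 instead of a record type, are reported as non-TLS.
    """
    if len(data) < 5:
        return _verdict(False, "short record header")
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    if ctype != TLS_RECORD_HANDSHAKE:
        return _verdict(False, f"record type 0x{ctype:02x} is not a TLS handshake")
    if major != 3 or minor > 4:
        return _verdict(False, f"implausible record version {major}.{minor}")
    body = data[5:5 + rec_len]
    if len(body) < 4:
        return _verdict(False, "truncated handshake header")
    hs_type = body[0]
    hs_len = int.from_bytes(body[1:4], "big")
    if hs_type != HANDSHAKE_CLIENT_HELLO:
        return _verdict(False, f"handshake type {hs_type} is not ClientHello")
    hello = body[4:4 + hs_len]
    if len(hello) < 2 + 32 + 1:
        return _verdict(False, "truncated ClientHello")
    version = f"{hello[0]}.{hello[1]}"
    pos = 2 + 32                                   # client_version + random
    pos += 1 + hello[pos]                          # session_id
    if pos + 2 > len(hello):
        return _verdict(False, "truncated ClientHello")
    pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]   # cipher_suites
    if pos + 1 > len(hello):
        return _verdict(False, "truncated ClientHello")
    pos += 1 + hello[pos]                          # compression_methods
    sni = None
    if pos + 2 <= len(hello):                      # extensions are optional
        ext_len = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        end = min(pos + ext_len, len(hello))
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            evalue = hello[pos:pos + elen]
            pos += elen
            # server_name: list_len(2) | name_type(1) | name_len(2) | name
            if etype == EXT_SERVER_NAME and len(evalue) >= 5 and evalue[2] == 0:
                name_len = struct.unpack("!H", evalue[3:5])[0]
                sni = evalue[5:5 + name_len].decode("ascii", "replace")
    return _verdict(True, "ok", version, sni)


def build_client_hello(server_name: str) -> bytes:
    """Constructed sample input: a minimal TLS 1.2 ClientHello carrying an SNI."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name
    sni_body = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", EXT_SERVER_NAME, len(sni_body)) + sni_body
    hello = (b"\x03\x03" + bytes(32)          # client_version 3.3, random
             + b"\x00"                         # empty session_id
             + b"\x00\x02\xc0\x2f"             # one cipher suite
             + b"\x01\x00"                     # one compression method (null)
             + struct.pack("!H", len(ext)) + ext)
    hs = bytes([HANDSHAKE_CLIENT_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return bytes([TLS_RECORD_HANDSHAKE, 3, 1]) + struct.pack("!H", len(hs)) + hs


# Constructed sample streams: plausible first client bytes on port 443.
SAMPLES = {
    "real tls": build_client_hello("vpn.example.net"),
    "http in the clear": b"GET / HTTP/1.1\r\nHost: example.net\r\n\r\n",
    "ssh on 443": b"SSH-2.0-OpenSSH_7.9\r\n",
    "bogus record": b"\x16\x01\x00\x00\x05\x01\x00\x00\x01\x00",
}

if __name__ == "__main__":
    for label, stream in SAMPLES.items():
        print(f"{label:18s} -> {parse_client_hello(stream)}")
```

Run it as a script to see each sample classified. The parser accepts a stream only when the record type, record version and ClientHello framing all check out, so non-TLS protocols simply dressed on port 443 are rejected; but a well-formed handshake from any client, including a tunnelling client, passes, and once the handshake completes the proxy has nothing left to inspect but the SNI it already saw.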
