Again, wow (soft, wide-eyed, response). Did not realize this was going to be such a PITA. Thanks again all this is most helpful.
-----Original Message----- From: Ben Scott [mailto:[email protected]] Posted At: Tuesday, August 14, 2012 1:12 PM Posted To: [email protected] Conversation: Software like citrix or webex?? Subject: Re: Software like citrix or webex?? On Tue, Aug 14, 2012 at 12:31 PM, [email protected] <[email protected]> wrote: > Any ideas on how to monitor this kind of traffic without the manual > add of a million ip's??? You're looking for a quick easy fix. You won't find one. Options/ideas: A1. Subscribe to a filtering service that provides a blacklist of servers/addresses/sites to block. Suffers from B1. A2. Use protocol-level inspection (AKA "application firewall") to ensure traffic on TCP/80 is really HTTP and web pages. Block SSL except to whitelisted sites. (The whole point of encryption is, you can't see the traffic. These things all use SSL, By design, you cannot examine it.) Suffers from B2. A3. Use a filter that does SSL interception, and looks for known signatures. Suffers from B1. Also means you have to comprise the end-to-end security of SSL, and deploy an invasive SSL interception infrastructure. A4. Don't browse the web with admin rights. Some of this software doesn't work without said rights. Unfortunately, some does. A5. Don't allow ActiveX, Flash, Java, etc., except from whitelisted sites. Prolly the best overall option for browser security. Big B2 problem -- much of the web is unusable without these Potential problems: B1. Any blacklisting/signature solution will suffer from the same whack-a-mole problem as virus scanners, porn filtering, etc. B2. Any whitelisting solution requires overhead to maintain the whitelist -- in particular, handling requests for new whitelist members. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
