Whole categories of hardware and software solutions have been built upon the fact that this is a non-trivial problem to solve.
*ASB*
*http://XeeMe.com/AndrewBaker*
*Harnessing the Advantages of Technology for the SMB market…*

On Tue, Aug 14, 2012 at 2:08 PM, [email protected] <[email protected]> wrote:

> Again, wow (soft, wide-eyed, response). Did not realize this was going
> to be such a PITA.
> Thanks again all this is most helpful.
>
> -----Original Message-----
> From: Ben Scott [mailto:[email protected]]
> Posted At: Tuesday, August 14, 2012 1:12 PM
> Posted To: [email protected]
> Conversation: Software like citrix or webex??
> Subject: Re: Software like citrix or webex??
>
> On Tue, Aug 14, 2012 at 12:31 PM, [email protected] <[email protected]>
> wrote:
> > Any ideas on how to monitor this kind of traffic without the manual
> > add of a million ip's???
>
> You're looking for a quick easy fix. You won't find one.
>
> Options/ideas:
>
> A1. Subscribe to a filtering service that provides a blacklist of
> servers/addresses/sites to block. Suffers from B1.
>
> A2. Use protocol-level inspection (AKA "application firewall") to
> ensure traffic on TCP/80 is really HTTP and web pages. Block SSL except
> to whitelisted sites. (The whole point of encryption is, you can't see
> the traffic. These things all use SSL. By design, you cannot examine
> it.) Suffers from B2.
>
> A3. Use a filter that does SSL interception, and looks for known
> signatures. Suffers from B1. Also means you have to compromise the
> end-to-end security of SSL, and deploy an invasive SSL interception
> infrastructure.
>
> A4. Don't browse the web with admin rights. Some of this software
> doesn't work without said rights. Unfortunately, some does.
>
> A5. Don't allow ActiveX, Flash, Java, etc., except from whitelisted
> sites. Prolly the best overall option for browser security. Big B2
> problem -- much of the web is unusable without these.
>
> Potential problems:
>
> B1. Any blacklisting/signature solution will suffer from the same
> whack-a-mole problem as virus scanners, porn filtering, etc.
>
> B2. Any whitelisting solution requires overhead to maintain the
> whitelist -- in particular, handling requests for new whitelist members.
>
> -- Ben
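Options A2 and B2 from Ben Scott's quoted list, sketched as an added example that is not part of the original thread: a policy check that allows TCP/80 only when the first bytes are an HTTP request line, allows SSL only to whitelisted hosts, and tallies blocked SSL hosts into a review queue. The host names, the whitelist and the sample connections are constructed, and the host name on port 443 is assumed to come from the proxy (for instance the CONNECT target).

```python
import re
from collections import Counter

# Constructed whitelist; real entries come from your own approval process.
SSL_WHITELIST = {"bank.example", "payroll.example"}

# HTTP/1.x request line: METHOD SP target SP HTTP/1.0|1.1 CRLF
REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")

def host_allowed(host, whitelist=SSL_WHITELIST):
    """Exact match or subdomain of a whitelisted name (dot-boundary check)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in whitelist)

def decide(port, first_bytes=b"", host=""):
    """Return 'allow' or 'block' for one outbound connection."""
    if port == 80:
        # A2: traffic on TCP/80 must really be HTTP, not something tunnelled.
        return "allow" if REQUEST_LINE.match(first_bytes) else "block"
    if port == 443:
        # A2: SSL payload is opaque, so the decision rests on the host alone.
        return "allow" if host_allowed(host) else "block"
    return "block"

def review_queue(connections):
    """B2: count blocked SSL hosts so whitelist requests can be triaged."""
    queue = Counter()
    for port, first_bytes, host in connections:
        if port == 443 and decide(port, first_bytes, host) == "block":
            queue[host.lower()] += 1
    return queue.most_common()

# Constructed sample connections: (dst port, first payload bytes, host name)
SAMPLE = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n", "www.example"),
    (80, b"\x16\x03\x01\x00\xa5\x01", ""),   # TLS handshake bytes on port 80
    (443, b"", "login.bank.example"),
    (443, b"", "notbank.example"),           # must not match bank.example
    (443, b"", "remote-tool.example"),
    (443, b"", "remote-tool.example"),
]

if __name__ == "__main__":
    for port, data, host in SAMPLE:
        print(port, host or "-", decide(port, data, host))
    print(review_queue(SAMPLE))
```

The review queue is where the B2 overhead shows up: every blocked host in it is a potential request for a new whitelist member.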
