Spot on... and one more thing on some of the comments about proxies protecting networks: they won't stop an attacker getting a shell out. You need layer 7 protection for that (e.g. an L7 FW or IPS device). It's trivial to bounce a reverse shell through an authenticated proxy to a remote netcat listener. It won't be stopped by your proxy, and the chances are it won't be stopped by your filtering software either (unless you block the "unknown" category... but even then, not always).
-----Original Message-----
From: Paul Hutchings [mailto:[email protected]]
Sent: 29 September 2010 08:11
To: NT System Admin Issues
Subject: RE: Outbound firewall ports

Buy a box (Palo Alto Networks for example), generate a CA on it, install that CA on all your clients, turn on decryption on the Palo Alto and Bob's your uncle: your staff visit https://www.xyz.com, the Palo Alto makes the connection, decrypts it, re-encrypts it and presents it back to the client, though the cert the client sees, if they look, is going to be the self-signed CA.

Big caveat with the above is to tell your staff you're doing it, as that way you won't get a mob with pitchforks turning up if they think you're sniffing their PayPal/financial transactions etc. Better yet, get a box with URL filtering and exclude certain categories, i.e. banking and finance.

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: 29 September 2010 04:57
To: NT System Admin Issues
Subject: RE: Outbound firewall ports

How do you inspect SSL traffic? If one could do that, then it would not be a secure connection?

Greg Sweers
CEO ACTS360.com
P.O. Box 1193
Brandon, FL 33509
813-657-0849 Office
813-758-6850 Cell
813-341-1270 Fax
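Paul's description above (generate a CA on the box, install it on every client, let the box re-sign the site's certificate) in runnable form. This is an added example, not code from the thread or from Palo Alto Networks: it mints the kind of re-signed leaf a decrypting proxy presents for www.xyz.com and then checks how two clients judge it, one that trusts only the site's real CA and one that has the proxy's CA installed. The CA names `origin-ca` and `intercept-ca`, the use of the `cryptography` package, and the throwaway in-memory keys are all assumptions.

```python
"""Added example, not the thread's or Palo Alto's own code: mint the kind of
re-signed certificate a decrypting proxy presents, then see how a client that
trusts only the public CA, and one with the proxy's CA installed, judge it.
Assumptions: site name www.xyz.com from the thread, CA names 'origin-ca' and
'intercept-ca', the `cryptography` package, throwaway keys made in memory."""
import datetime
import socket
import ssl
import tempfile
import threading

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID

HOST = "www.xyz.com"


def _builder(subject, issuer, pubkey):
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer).public_key(pubkey)
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=5))
            .not_valid_after(now + datetime.timedelta(days=365)))


def make_ca(name):
    """Self-signed CA, like the one generated on the decrypting appliance."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, name)])
    cert = (_builder(subject, subject, key.public_key())
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert


def mint_leaf(ca_key, ca_cert, hostname):
    """Leaf for `hostname` signed by the proxy's CA: what the client is shown."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)])
    cert = (_builder(subject, ca_cert.subject, key.public_key())
            .add_extension(x509.SubjectAlternativeName([x509.DNSName(hostname)]), critical=False)
            .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
            .sign(ca_key, hashes.SHA256()))
    return key, cert


def pem(obj):
    if isinstance(obj, x509.Certificate):
        return obj.public_bytes(serialization.Encoding.PEM)
    return obj.private_bytes(serialization.Encoding.PEM,
                             serialization.PrivateFormat.PKCS8,
                             serialization.NoEncryption())


def client_accepts(leaf_key, leaf_cert, trusted_ca, hostname=HOST):
    """Serve `leaf_cert` on localhost; connect with a client trusting only `trusted_ca`.
    True if the handshake (chain and hostname check) succeeds, False if rejected."""
    srv_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    with tempfile.NamedTemporaryFile(suffix=".pem") as f:   # load_cert_chain wants a path
        f.write(pem(leaf_cert) + pem(leaf_key)); f.flush()
        srv_ctx.load_cert_chain(f.name)
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0)); listener.listen(1)
    port = listener.getsockname()[1]

    def serve():
        conn, _ = listener.accept()
        try:
            with srv_ctx.wrap_socket(conn, server_side=True) as tls:
                tls.recv(16)
        except (ssl.SSLError, OSError):
            pass   # a client that distrusts our CA aborts the handshake with an alert
        finally:
            conn.close()

    t = threading.Thread(target=serve, daemon=True); t.start()
    cli_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # CERT_REQUIRED + check_hostname by default
    cli_ctx.load_verify_locations(cadata=pem(trusted_ca).decode())
    try:
        with socket.create_connection(("127.0.0.1", port)) as raw, \
                cli_ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            tls.sendall(b"ping")
            return True
    except ssl.SSLCertVerificationError:
        return False
    finally:
        t.join(timeout=5); listener.close()


def demo():
    _, origin_ca = make_ca("origin-ca")              # stand-in for the public CA behind www.xyz.com
    icpt_key, icpt_ca = make_ca("intercept-ca")      # CA generated on the decrypting box
    minted_key, minted = mint_leaf(icpt_key, icpt_ca, HOST)
    return {
        "trusts_public_ca_only": client_accepts(minted_key, minted, origin_ca),   # False
        "proxy_ca_installed": client_accepts(minted_key, minted, icpt_ca),        # True
        "issuer_seen_by_user": minted.issuer.rfc4514_string(),                    # 'CN=intercept-ca'
    }


if __name__ == "__main__":
    print(demo())
```

The first client is a machine the CA was never pushed to (a contractor laptop, a BYOD phone): it gets a certificate error on every HTTPS site, which is the practical reason the rollout has to cover all clients. The `issuer_seen_by_user` value is what the "cert the client sees, if they look" shows, and why the staff warning Paul mentions matters.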
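The point made in the first reply at the top of the thread, that an authenticated proxy checks credentials and then forwards whatever follows, as an added example that is not part of the original thread. The proxy, the remote "listener" standing in for netcat, and the account `alice:s3cret` are all assumptions built in-process on localhost so the script runs offline; the payload is a plain text line, not a shell.

```python
"""Added example, not the thread's own code: an HTTP CONNECT tunnel through an
authenticated forward proxy, with the proxy and the remote 'listener' built
in-process on localhost so it runs offline. It shows what a proxy that only
authenticates and forwards records about a session, and that after the CONNECT
line it relays opaque bytes it cannot judge. The credentials are assumed."""
import base64
import socket
import threading

TOKEN = base64.b64encode(b"alice:s3cret").decode()   # assumed proxy account


def start_listener(received):
    """Stands in for the remote netcat listener: store what arrives, send one reply."""
    srv = socket.socket(); srv.bind(("127.0.0.1", 0)); srv.listen(1)

    def run():
        conn, _ = srv.accept()
        with conn:
            received.append(conn.recv(4096))
            conn.sendall(b"listener-ack\n")

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


def _pump(src, dst):
    """Copy bytes one way until EOF; the proxy never interprets them."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_proxy(log):
    """Toy authenticated proxy: check Proxy-Authorization on CONNECT, then relay blindly."""
    srv = socket.socket(); srv.bind(("127.0.0.1", 0)); srv.listen(5)

    def handle(client):
        head = b""
        while b"\r\n\r\n" not in head:
            head += client.recv(4096)
        request, _, headers = head.split(b"\r\n\r\n", 1)[0].decode().partition("\r\n")
        method, target, _ = request.split(" ")
        auth = [h for h in headers.split("\r\n") if h.lower().startswith("proxy-authorization:")]
        if method != "CONNECT" or not auth or auth[0].split()[-1] != TOKEN:
            log.append("DENY " + request)
            client.sendall(b"HTTP/1.1 407 Proxy Authentication Required\r\n\r\n")
            client.close()
            return
        log.append("ALLOW " + request)   # the only thing this proxy will ever know about the session
        host, port = target.rsplit(":", 1)
        upstream = socket.create_connection((host, int(port)))
        client.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
        threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
        _pump(upstream, client)

    def run():
        while True:
            client, _ = srv.accept()
            threading.Thread(target=handle, args=(client,), daemon=True).start()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


def tunnel(proxy_port, dest_port, payload, token=TOKEN):
    """Client side: authenticate, request a tunnel to dest, then talk raw bytes through it."""
    with socket.create_connection(("127.0.0.1", proxy_port)) as s:
        s.sendall((f"CONNECT 127.0.0.1:{dest_port} HTTP/1.1\r\n"
                   f"Host: 127.0.0.1:{dest_port}\r\n"
                   f"Proxy-Authorization: Basic {token}\r\n\r\n").encode())
        status = s.recv(4096).split(b"\r\n", 1)[0].decode()
        if not status.startswith("HTTP/1.1 200"):
            return status, b""
        s.sendall(payload)          # from here on, the proxy copies bytes it does not understand
        return status, s.recv(4096)


def demo():
    received, log = [], []
    dest = start_listener(received)
    proxy = start_proxy(log)
    wrong = base64.b64encode(b"nobody:wrong").decode()
    denied, _ = tunnel(proxy, dest, b"x", token=wrong)        # bad credentials: refused
    status, reply = tunnel(proxy, dest, b"hello through the tunnel\n")
    return {"denied": denied, "status": status, "reply": reply,
            "seen_by_listener": received[0], "proxy_log": log}


if __name__ == "__main__":
    print(demo())
```

Read `proxy_log` after running it: the proxy's whole record of the session is one `ALLOW CONNECT 127.0.0.1:<port> HTTP/1.1` line, and nothing of the payload appears in it. A control that can only see that line is exactly what the reply above says will not stop a shell going out; the decision has to be made on the tunnel's contents, which is the layer 7 inspection it asks for.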
