Welcome to ISAserver.org
Logmein.com and Gotomypc.com denial...
Logmein.com and Gotomypc.com denial... - 4.Jun.2005 6:55:00 PM
tad_braun
Posts: 94
Joined: 31.Dec.2003
Status: offline
Hello,
How would I allow Logmein.com and Gotomypc.com types of browser-based remote control services to my admin team, yet disallow them for the rest of the company?
Specifically, what kind of rule would I use to DENY these services? Maybe I would search the HTTPS stream for an executable header or something? How would I do that? I am not too savvy yet with ISA 2K4. I think Logmein uses port 2002, but I can't be sure yet...
Anyone else running into this situation? I don't want "typical" domain users having this service because of the FileManager capability. They could easily upload all kinds of virused/trojaned files to their work PC, and I don't want that. Yes, we do have active, updated AV and such, but I don't even want the possibility to exist that a user could do damage from a home/traveling PC...
Thaddeus

RE: Logmein.com and Gotomypc.com denial... - 5.Jun.2005 1:38:00 AM
ianfermo
Posts: 234
Joined: 7.Nov.2004
From: Zamboanga, Philippines
Status: offline
Hi,
Read this article: http://msmvps.com/shinder/articles/12268.aspx
In this article you will learn the dark side of SSL - Bridging. Using HTTPS protocol to bypass existing firewall.
Cheers,

RE: Logmein.com and Gotomypc.com denial... - 6.Jun.2005 9:04:00 PM
tad_braun
Posts: 94
Joined: 31.Dec.2003
Status: offline
Hello,
So, as ISA Server 2004 stands today, as well as other firewalls, I CAN'T stop my users from setting up a GoToMyPC account and using it to access other PCs out on the Internet? Policy or no policy, they will find this stuff and do it. I would like a technical method for stopping this, and I thought ISA would be able to see the traffic going out (or coming in) and be able to do something about it.
And from the article mentioned, I also see that MSoft is going to promote this security-crippling capability in their R2 for W2K3! Are they insane!? Foolish is the only word that comes to mind...here they are out touting how secure their new products are, and yet they're including a bypass method around all of it! That just sounds plain stupid...
Tell me it ain't so!

RE: Logmein.com and Gotomypc.com denial... - 6.Jun.2005 10:58:00 PM
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
One way that should work would be to monitor the URLs that these programs connect to and block them. In the past, I believe I read on this site that you could block access to poll.gotomypc.com to keep GoToMyPC from working.
Bill

RE: Logmein.com and Gotomypc.com denial... - 6.Jun.2005 11:32:00 PM
tad_braun
Posts: 94
Joined: 31.Dec.2003
Status: offline
B,
Thanks for the reply! Do you remember where on the site you read that? I'll search, but I think I could use the extra info...
I assumed that the sites like GoTo and LogMeIn would constantly change IPs (kind of like IM servers), but the URL should be fairly constant. Good tip...

RE: Logmein.com and Gotomypc.com denial... - 7.Jun.2005 1:56:00 AM
ianfermo
Posts: 234
Joined: 7.Nov.2004
From: Zamboanga, Philippines
Status: offline
Hi,
There are ways to check which domain, URL or protocol is used. You can use Windows Network Monitor, the simple DOS command netstat -o (client side: install the software and execute the command), or better, use ISA Server's real-time monitoring. Create a rule to deny the GoToMyPC and LogMeIn domains and URLs.
Cheers,

RE: Logmein.com and Gotomypc.com denial... - 14.Jun.2005 10:46:00 AM
FriedDough
Posts: 1
Joined: 14.Jun.2005
Status: offline
This is becoming a real pain in the butt as many of these services are popping up and all using ports 80 and 443. We have a rule that explicitly blocks HTTP (actually all ports) access to all of these sites:
RemotelyAnywhere.com MyWebExPC.com LapLinkEveryWhere.com 112go.com FolderShare.com 01com.com ImInTouch.com beinsync.com gotomypc.com
I am sure that there are many more but these seem to be the highly visible ones. It would be great if others posted other remote access services like these that they are aware of.
Good luck

RE: Logmein.com and Gotomypc.com denial... - 14.Jun.2005 6:59:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
Hey guys,
This is why I don't create deny rules, I create allow rules only, for SSL. I never allow SSL through except to legit sites that users have demonstrated a need to access. It's impossible to beat these SSL tunnelers any other way. At least, not until we can get outbound SSL to SSL bridging on our networks.
HTH, Tom
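
Added example, not part of any post in this thread and not ISA Server code: it models the two rule designs discussed above, the deny list of known remote-control domains and the allow-only approach for HTTPS, and compares their verdicts. The approved sites, the user names and the unlisted tunnel host are constructed assumptions.

```python
# Added example (not ISA Server code). Domains are those named in the thread.
REMOTE_CONTROL = {
    "logmein.com", "gotomypc.com", "remotelyanywhere.com", "mywebexpc.com",
    "laplinkeverywhere.com", "112go.com", "foldershare.com", "01com.com",
    "imintouch.com", "beinsync.com",
}
APPROVED_HTTPS = {"bank.example", "payroll.example"}  # constructed allow list
ADMIN_USERS = {"CORP\\admin1"}                        # constructed admin group


def in_domain_set(host, domains):
    """True if host is a listed domain or a subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def deny_list_policy(user, host):
    """Blanket HTTPS allowed; listed services denied to non-admins."""
    if in_domain_set(host, REMOTE_CONTROL) and user not in ADMIN_USERS:
        return "DENY"
    return "ALLOW"


def allow_list_policy(user, host):
    """HTTPS allowed only to approved sites; admins also get the services."""
    if in_domain_set(host, APPROVED_HTTPS):
        return "ALLOW"
    if user in ADMIN_USERS and in_domain_set(host, REMOTE_CONTROL):
        return "ALLOW"
    return "DENY"


# Constructed outbound HTTPS requests: (user, destination host).
SAMPLE = [
    ("CORP\\alice", "poll.gotomypc.com"),
    ("CORP\\alice", "relay.newtunnel.example"),  # service on neither list
    ("CORP\\alice", "www.bank.example"),
    ("CORP\\admin1", "logmein.com"),
]


def compare(requests):
    """Rows of (user, host, deny-list verdict, allow-list verdict)."""
    return [(u, h, deny_list_policy(u, h), allow_list_policy(u, h))
            for u, h in requests]

if __name__ == "__main__":
    for row in compare(SAMPLE):
        print("%-13s %-24s deny-list=%-5s allow-list=%s" % row)
```

The second sample row is the case the thread is about: a service nobody has listed yet passes the deny-list design and is stopped only by the allow-only design.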

RE: Logmein.com and Gotomypc.com denial... - 16.Jun.2005 2:15:00 AM
tad_braun
Posts: 94
Joined: 31.Dec.2003
Status: offline
Tom,
Thanks for the help. What I think you are saying is that we shouldn't allow blanket HTTPS outbound activity for our users, right? Make a single HTTPS rule and keep adding HTTPS sites that users are requesting and make sense, right? Sort of an HTTPS whitelist, right?
I hope I'm hearing you correctly since I am still a bit perturbed about this tunneling problem. Could you give us a thumbnail sketch of what a rule would look like using this theory?

RE: Logmein.com and Gotomypc.com denial... - 28.Jun.2005 6:12:00 PM
bob-isa
Posts: 1
Joined: 28.Jun.2005
From: California
Status: offline
FYI, you can use the Corporate version of GoToMyPC to have full control of who uses the service. You can even control what computers have access to the host computers within your network. Contact GoToMyPC sales for more information.

RE: Logmein.com and Gotomypc.com denial... - 5.Jul.2005 2:56:00 PM
tad_braun
Posts: 94
Joined: 31.Dec.2003
Status: offline
Hello,
This is still a very hot topic at my work. We can't put in our new Exchange and ISA systems until I get some new kind of direction. Maybe someone can suggest something other than DENY rules? We have Websense, and they have a Proxy Avoidance category that'll take care of those types of sites (mostly), but I was hoping that we as a group could find a better way to monitor/filter HTTPS Tunneling using ISA Server 2004...
Ideas? Tom?