• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Access restricted sites with HTTP tunneling

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering >> Access restricted sites with HTTP tunneling Page: [1]
Login
Message << Older Topic   Newer Topic >>
Access restricted sites with HTTP tunneling - 7.Sep.2007 8:02:27 PM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
Hi everybody,

This thread is to discuss various ways malicious surfers can use to access restricted sites; thus bypassing firewall rules and policies and how to use the HTTP filter to stop such behavior.

Thanks

_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com
Post #: 1
RE: Access restricted sites with HTTP tunneling - 8.Sep.2007 9:13:20 AM   
ianfermo

 

Posts: 235
Joined: 7.Nov.2004
From: Zamboanga, Philippines
Status: offline
Hi,

Create a Whitelist for HTTPS protocol and even skype can't pass thru although this will mean bugging from users why is it, their HTTPS site is not accessible.

Cheers...

(in reply to royh)
Post #: 2
RE: Access restricted sites with HTTP tunneling - 8.Sep.2007 1:09:16 PM   
ITEngineer

 

Posts: 270
Joined: 3.Feb.2006
Status: offline
quote:

ORIGINAL: ianfermo

Hi,

Create a Whitelist for HTTPS protocol and even skype can't pass thru although this will mean bugging from users why is it, their HTTPS site is not accessible.

Cheers...


How do u create this whitelist ? Domain Name Set ? URL Set ?

and what is the format ? i mean *.domainname.com ? how ?

(in reply to ianfermo)
Post #: 3
RE: Access restricted sites with HTTP tunneling - 9.Sep.2007 9:29:40 AM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
What if they are tunneling their traffic inside http?


_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com

(in reply to ianfermo)
Post #: 4
RE: Access restricted sites with HTTP tunneling - 9.Sep.2007 6:47:28 PM   
ianfermo

 

Posts: 235
Joined: 7.Nov.2004
From: Zamboanga, Philippines
Status: offline
Hi,

Try to read this link and read HTTP Policy and SSL Connections http://www.microsoft.com/technet/isa/2004/plan/httpfiltering.mspx. For this reason thats why we create a lease priveledge for HTTPS.

Destination = yahoo.com

Rule Allow HTTPS Internal to Destination

Cheers...

(in reply to royh)
Post #: 5
RE: Access restricted sites with HTTP tunneling - 11.Sep.2007 6:11:05 PM   
elmajdal

 

Posts: 6010
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi Guys,

GFI WM4 provides WebGrade feature, a human reviewed Database that contains more than 84 categories.

File Sharing, Web IM , Anony Proxy are categories that are included in this Database.

HTH,
Tarek

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to royh)
Post #: 6
RE: Access restricted sites with HTTP tunneling - 11.Sep.2007 7:17:15 PM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
Hi,

Is there any article, explaining in depth the http tunneling process and how to stop it using the http filter in ISA 2006?

Thanks...

_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com

(in reply to elmajdal)
Post #: 7
RE: Access restricted sites with HTTP tunneling - 1.Oct.2007 8:57:51 PM   
lsjames

 

Posts: 30
Joined: 6.Apr.2007
Status: offline
Active Wall provides the filtering of http tunnel. http://www.lanctrl.com



_____________________________

James King
Microsoft Certified Systems Engineer
Free Traffic Monitor Software

(in reply to royh)
Post #: 8
RE: Access restricted sites with HTTP tunneling - 13.Oct.2007 12:23:53 PM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
Thanks

Will try it and revert to you with my feedback


_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com

(in reply to lsjames)
Post #: 9
RE: Access restricted sites with HTTP tunneling - 16.Oct.2007 6:24:50 PM   
royh

 

Posts: 318
Joined: 23.Feb.2007
From: Lebanon
Status: offline
Hi,

Tunneling applications are still connecting....

_____________________________

Roy Haddad,M.Sc
CCNA, MCSE 2003 Messaging & Security,C|EH
www.foxminds.com

(in reply to lsjames)
Post #: 10

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> HTTP Filtering >> Access restricted sites with HTTP tunneling Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts