This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Users bypassing content filtering and virus scanning using PuTTY

I’m still using version 6 but have a problem with users tunnelling connection via SSL and bypassing content filtering and virus scanning. ASL is configured like this:
HTTP Proxy (allowed target services HTTPS), user authentication, surf protection on, virus scanning on.

I discovered that internal users bypassing the security architecture while using PuTTY. They have a squid proxy server and SSH server running at home. They are using PuTTY from the internal network to tunnel a connection via SSL to their Squid box at home. All traffic goes out without content and virus checks via SSL.

Do I have a change to block this traffic? How to configure ASL to stop the users?

This thread was automatically locked due to age.

Parents

0 FN-Eagle over 18 years ago

Thanks for your suggestions. I think the only (professional) way to stop user doing this, is to terminate all encrypted connections an to send them to an additional scan process. I’m looking for some kind of SSL scanner or SSL proxy. Does somebody use this and what kind of scanners do you know? I’ve found this one:

Webwasher SSL scanner

http://www.securecomputing.com/index.cfm?skey=1536&menu=prodsolutions

Is Astaro working on this too? ;-)
Cancel
Vote Up 0 Vote Down

Cancel
0 RFCat_vk_01 over 18 years ago in reply to FN-Eagle

William,
I might be missing something very obvious. There must at some stage be the initial setup packet to the webserver, in fact maybe even a couple that go through the firewall before the encryption starts.

Ian M
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 RFCat_vk_01 over 18 years ago in reply to FN-Eagle

William,
I might be missing something very obvious. There must at some stage be the initial setup packet to the webserver, in fact maybe even a couple that go through the firewall before the encryption starts.

Ian M
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 William Warren over 18 years ago in reply to RFCat_vk_01

William,
I might be missing something very obvious. There must at some stage be the initial setup packet to the webserver, in fact maybe even a couple that go through the firewall before the encryption starts.

Ian M

nopers. The tunnel is totally secured. The only thing you can do is either attempt to proxy it(easier said than done) or jsut use a highly enforced ans strong IT policy. Unless you are a large enterprise the costs of trying to proxy ssh traffic is most likely going to be prohibitive.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel
0 jjohnston62 over 18 years ago in reply to RFCat_vk_01

I think the only way you stop this kind of crap is to have management make it clear that it's not allowed and if people do it, they'll be reprimanded and/or fired.
Technology can't solve all problems. This is not a technology problem, it is a management problem.
Having said that, how 'bout just blocking their access completely. [:)]
Cancel
Vote Up 0 Vote Down

Cancel