• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Member of staff using work proxy to acess home outlook web

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion

View previous topic :: View next topic  
Author Message
CHeeKY
Just Arrived
Just Arrived


Joined: 13 Feb 2003
Posts: 3


Offline

PostPosted: Tue Aug 12, 2003 6:29 pm    Post subject: Reply with quote

I think it like anything that has to do with http access, we have seen of late the worry of http as if you use checkpoint and most firewalls they allow out all http, many programs including maybe that outlook issue, can dynamically adapt to push traffic through http, we have seen this at our place lately: Scenario

We have checkpoint installed, we have rule HTTP ALLOW from inside netcache to NET, we block all rest apart from select groups through ftp which is on different rule.

We found in the logs today a connection going through 4622 and back through our netcache, the netcache is a basis for our proxy software and we have web filtering in there too.

The connection had changed to feed through http port so we allowed it, someone had installed emonkey on there pc at work and that was making connections and the back connection alerted firewall, now we have cisco ids and own built snort with stormfront, and we spotted it first hand, but that shows the threat of http allow.

To stop this we actually changed our netcache rules to only allow Mozilla headers in the packet through http on firewall as a test, and that only then allowed browsers, we may have to modify the test lab for real player for top bosses etc, but this gave us an extra dimension.

I hope this had maybe not answered your question, but given you thought for process of how port changing can maybe be controlled, and hardening allow services a little, may help you out Smile
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> General Security Discussion All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register