OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Jeffrey Kok Chew Mun (ccekokj_at_nus.edu.sg)
Date: Wed Dec 04 2002 - 20:47:23 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Hi,
     
    We stumbled onto a traffic shaping device called Packetshaper from
    Packeteer which did a pretty good job in classifying traffic based on
    applications (instead of ports). What we did was to deny or limit
    traffic coming from undesirable applications like Kazaa, Gnutella,
    iMesh, etc. In fact, it did a pretty good job in filtering nimda and
    codered as well. Since the deployment of the Packetshaper, we have had
    almost zero complaints about copyright issues and all.
     
    This worked very well for our campus but there are some limitations
    though. A traffic shaping devices isn't built like a FW. In case of
    congestion, the traffic shaping devices will pass traffic instead of
    drop which is the opposite of a FW which will drop traffic.
     
    Hope this helps.
     
    cheers,
    Jeffrey Kok
    National University of Singapore

            -----Original Message-----
            From: Beker Eli [mailto:Eli.Bekercomverse.com]
            Sent: Wednesday, December 04, 2002 5:35 PM
            Subject: [ISSForum] P2P applications and IDS/IPS
            
            

            Hi,

            Lately we are facing more and more P2P applications, exposing
    the corporate internal networks to
            unknown external access. some of the applications require a
    detailed installation with username and
            passwds, like GoToMyPC https://www.gotomypc.com/ and ViAir
    WirelessInbox http://www.viair.com/products_WI.htm
            but there might be some, that probably run out of the box, like
    Kazza and others.
            The common denominator of all those programs are they use well
    known open ports on the corporate
            firewall, such as http, https or ftp. they automatically switch
    between the ports to find an open one.
            and some of them can even pass proxy servers.
            This is not new to the security community, we all remember the
    famous ping tunneling, ssh, https and
            http tunneling where the idea is almost the same. the
    difference, which doesn't make it better, was that
            internal users did in purpose to their systems outside the
    network. and today's applications, are using
            a 3ed unauthorized party "Broker" to set the connection.
            I believe that a strict corporate policy should eliminate part
    of the problem, but still we've to stand guard
            and catch the security violators.
            I would like to hear what you are doing and what can be done to
    mitigate this problem?
            maybe adding another section to RS, like back doors, for P2P
    applications?

            Regards,
            Eli Beker
            Comverse

    _______________________________________________
    ISSForum mailing list
    ISSForumiss.net

    TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo