Vulnerability Development mailing list archives
Re: N2H2 Web Proxy/Filter appliance
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Sat, 17 Jun 2000 13:27:17 -0700
OK, I appreciate everyone's point on the topic. I would like to avoid people trying to convince other people to not do something if possible, though it's fine to point out why something is a problem.

I agree with both parties... it is impossible to keep people from getting out... if they're clever enough. Any protocol can be tunneled over any other, as long as it's not timing sensitive. It's also fair to take into account your users' level of expertise, and what the value of what you're trying to protect is. I certainly wouldn't tell someone that it's OK to connect one's classified net to the Internet via a proxy, because you could keep them from going where they want. That's not going to fly. It is certainly worth noting that proxies won't keep most of the people who subscribe to this list from getting their pr0n.

However, if you're talking about high school kids (and the fact that he's probably trying to comply with some ridiculous censorship requirement) then this setup is probably adequate, to meet the requirements. If some kid is smart enough to arrange with an outside tunnel endpoint, and if they catch him, they'll nail him with some totalitarian high school anti-hacker rule, and make his life miserable (not that I have an opinion on the subject :) ). If they don't catch him, well then it doesn't matter, does it? The guy has fulfilled his due diligence, and as far as anyone knows, it's effective.

The guy obviously knows about doing various types of baselines to catch changes... but he never said he was going to. Again, he may not actually want to catch policy violators. Though, if that's the case, I'm sure he can't comment on it here. In fact, he never said he wasn't a student trying to get pr0n from the high school comp lab.

For folks who actually want to detect this sort of thing, you put in an IDS or some sort of burglar alarm mechanism, and you don't tell anyone about it. No, this isn't security through obscurity. IDS and burglar alarms are there to detect when your protection (or in this case, policy) has already been violated. In most cases, if people know the details of alarms, they are easily bypassed. So for example, if you alarm on one machine making 100 times more DNS requests, that will likely do the job. If I know DNS is being watched for, I use ICMP instead, etc.

BB
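The per-machine DNS volume alarm mentioned in the message above, sketched as an added example that is not part of the original post. The log line format (`<epoch> <client_ip> <qname>`), the function names, and the `floor` parameter are assumptions, and the sample data is constructed.

```python
from collections import Counter

def count_by_client(lines):
    """Count DNS queries per client IP; each line is '<epoch> <client_ip> <qname>'."""
    counts = Counter()
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than abort the run
        counts[parts[1]] += 1
    return counts

def dns_volume_alarms(baseline_lines, current_lines, ratio=100, floor=5):
    """Return {client: (baseline, current)} for clients whose query count in the
    current window is at least `ratio` times their count in the baseline window.
    `floor` (an assumption) stands in for the baseline of quiet or never-seen
    hosts, so a new machine making a handful of lookups does not trip the alarm."""
    base = count_by_client(baseline_lines)
    cur = count_by_client(current_lines)
    alarms = {}
    for client, n in cur.items():
        expected = max(base.get(client, 0), floor)
        if n >= ratio * expected:
            alarms[client] = (base.get(client, 0), n)
    return alarms

# Constructed sample data: two observation windows of equal length.
BASELINE = (
    [f"{1000 + i} 10.0.0.5 www.example.com" for i in range(10)]
    + [f"{1000 + i} 10.0.0.9 mail.example.com" for i in range(8)]
)
CURRENT = (
    [f"{5000 + i} 10.0.0.5 www.example.com" for i in range(12)]      # normal
    + [f"{5000 + i} 10.0.0.9 host{i}.example.net" for i in range(900)]  # spike
    + [f"{5000 + i} 10.0.0.77 www.example.org" for i in range(20)]   # new host
    + ["garbage line"]                                               # malformed
)

if __name__ == "__main__":
    for client, (b, c) in dns_volume_alarms(BASELINE, CURRENT).items():
        print(f"ALARM {client}: {c} queries vs baseline {b}")
```

As the message notes, an alarm like this only covers the channel it watches; the same baseline comparison would need to be repeated per protocol (ICMP, for instance) to cover others.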