Blocking Tunneling Applications

100 pts.
Tags:
Application security
Database
DataCenter
Encryption
Firewalls
Forensics
Incident response
Instant Messaging
Intrusion management
Microsoft Exchange
Network security
Networking
Secure Coding
Security
VPN
Wireless
Hi; Any suggestions on how I can block hopster(and other similar socks based tunneling applications)from tunnelling out and bypassing the firewall? When hopster contacts its servers it uses different set of IPs, not a single domain, so its kind of hard to block it based on IPs Thank You

Answer Wiki

Thanks. We'll let you know when a new response is added.

I am at the University of Florida. It has gotten very hard to filter by simple rules.
We run a firewall blocking TCP above 1024 with only 7 exceptions (like Global Catalog for domain logins). Blocking UDP had to be done by source since one program can use hundreds of ports.
We run traffic analysis to id the latest P2P sharing systems and enforce the policy against use by disabling the recipient’s IP address. Draconian, but it works since the students and staff must have access for work and classes. This is not cheap. The network interdiction squad updates known transgressors daily.
In the battle between “No, you can not do that.” and “We want it.” We start with top level policies backed by the administration. They apply to ‘everyone’ from the President down to visitors in the computer labs in study areas and libraries. New systems are scanned for up to date patches, up to date antivirus files, before getting an IP address with network access. This quarrantine process helps tremendously.
My suggestions are – 1. policies in place and fully supported. 2 – Standardized setup and network permissions whenever possible. 3 – multi-level firewalls, level 1 and level 2 are losing the battle. Level 3 is still very expensive but it can handle tunneling apps. 4 – Get employee/user buy-in. When they understand that tomorrow’s employment for all, depends on their individual behavior today, peer pressure can work.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Papp
    Nice Howard2nd, Layer 3 is losing btw. I like that you included the most important element, user buy-in. Addicted to funny things, videos, cool programs, and "free stuff", 98% of security admins fall into apathy or worse. It seems just about every aspect of software and tools has it's own little sphinter parasite under the guies of piracy protection. I lost all illusion of hope for valid internet services when MS itself included in XP SP2 the circumvent NAT in the patch by default. I watched superior security programs bought, patent, and subverted to fullfill a macabellion scheme to profit through insider trading with a clear goal that it would pay for itself better than 10 years guarenteed sales. I have seen foreign entities supplying scripts to the kiddy-script junkies, barbed on the user end, as a back-door prise. ... and yet they still keep comming. It is hard to take security seriously when bound by fiscal constraints and attacked by the very same junkies whos jobs or education your trying to protect. Building business case after business case for VPs and board members that treat you with distain. Soon you will find yourself leading the Charge of the Light Brigade carrying only the flag, shot, snakebit, and powder burnt by canon blast. The only companies left doing an honest business still have darker goals of future revenues untill no revenue is left but for their products. I admit, I am a bit slow when giving in to accept defeat for lofty goals, but I am beginning to wonder, are we going to be allowed to win or are we being watched for future penetration testing that will generate more revenues? Down here in the menutia, you have to start wondering about the 50,000 foot rules of engagement. The rewards and incentives that drive progress. One BLog, and you will have worm-sign the likes God has never seen. Tearing down your illusions you worked so hard to maintain. ISOs ignored, IEEE scoffed, The captains of industry have abandoned you for a far furtile ground behind the world's largest wall. Taking with them the guns and canons you need, locking them behind patents, lawyers, and mounting debt. Whew that felt good. Hey now, hey now.
    310 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following