[Dshield] General security question

Johannes Ullrich jullrich at euclidian.com
Sun Nov 24 15:31:01 GMT 2002


> > This does not seem very secure to me but "the business" allows our
> > auditors to connect to our network and we do allow our internal users
> > http access o the Internet. Since this traffic is all valid, according
> > to our network structure (proxy, firewalls, etc), and because the
> > traffic is SSL I cannot see what is really happening. Can I take any
> > further steps to protect our internal network?

Not an easy question and it kind of comes down to policy. But technically,
it is good to have a 'hostile internal network' setup for 'guests'. 

Essentially, instead of having just one internal network, you setup two
and do not allow traffic from the 'hostile' to the 'friendly' internal
network. Of course, this could require a different firewall, or a 
separate VLAN on your switch. 

Once this is setup, you could for example limit the proxy server to allow
ssl connections only to the auditors home network.

One word of caution: It may be possible to tell the proxy server to
cache the ssl pages. But be careful, you may violate agreements your
company has with the auditors if you try to listen in on their traffic.



-- 
--------------------------------------------------------------------
jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20021124/ffcfd8d7/attachment.bin


More information about the list mailing list