Hi Jim,

While it is true that the SSL inbound tunnel is broken, I think that SSL to SSL bridging is a reasonable compromise because none of the traffic is exposed "on the wire". In contrast, I think that SSL to HTTP bridging is intolerable, because it exposes the communications on the back end. However, you could use IPSec to solve that problem (I think, I haven't tested it, but other people have mentioned to me that they've done this and it works for them).

Thanks!
Tom

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Sunday, February 22, 2004 11:29 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Content Scanning

http://www.ISAserver.org

The problem with scanning any traffic (especially SSL) is knowing ahead of time what service is handling it. The Web Proxy and Firewall services don't inter-communicate, so they can't "hand off" to each other. Thus, if you only have a web filter, firewall-service traffic won't get scanned and vice versa for an application filter...

SSL traffic is doubly problematic in this regard, since:
- Web Proxy: in forward proxy mode, the web proxy tunnels the SSL traffic, and thus has no access to the data.
- Firewall service: in either fwd or rev mode, the Firewall service never terminates the connection and thus has no access to the data.

In either case, to decrypt and scan the data, ISA would have to terminate and recreate the SSL session, thus breaking the SSL "chain of trust". In many instances, this would be intolerable (client certs to the upstream server, for instance).

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!

On Sat, 21 Feb 2004 20:11:15 -0800 "David Haam" <DavidH@xxxxxxxxxxxx> wrote:

http://www.ISAserver.org

One key to make something work is to be able to scan also outbound activity.

If the users are using a standard SMTP client to send outbound, you can set up the ISA rules to DENY outbound SMTP traffic, and provide outbound only via your filter-enabled SMTP server (filtering/monitoring by whatever product/solution you so choose). If the users are using some web-based email client, then it gets tougher. Anyone have an ISA extension tool that can do that kind of content monitoring? Maybe even able to see inside SSL packets?

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, February 21, 2004 5:53 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Content Scanning

http://www.ISAserver.org

That's a tough one. Maybe GFI Mail Security or something like that. You'd need something that the mail server can "talk to".

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!

On Sat, 21 Feb 2004 12:37:47 +0530 "Brajesh Ranjan Panda" <brajesh@xxxxxxxxxxxxxxxxx> wrote:

http://www.ISAserver.org

Hi Jim,

Yes, that is good; I am also doing that. But take a situation: my client is a software development organisation. So they want to scan their internal mail contents: if there is any type of company proprietary code, or maybe some managerial information, going outside, then it will be dropped or forwarded to another person for analysis, like SMTP screener. If there is any worm/TH then it is of course caught by the antivirus. But I want a customised scanning of the contents. Perhaps now you get my question.

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, February 21, 2004 6:16 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Content Scanning

http://www.ISAserver.org

Yep; I use an antivirus scanner on my mail server. Since your internal users send mail without ever touching the ISA, you're missing a bet if you don't scan at the mail server itself.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!

----- Original Message -----
From: "Brajesh Ranjan Panda" <brajesh@xxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, February 19, 2004 20:27
Subject: [isalist] RE: Content Scanning

http://www.ISAserver.org

Hi Jim, have you any solution with your tools?

-----Original Message-----
From: Anthony Michaud [mailto:anthonym@xxxxxxxxxxxxxx]
Sent: Friday, February 20, 2004 9:45 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Content Scanning

http://www.ISAserver.org

For what? Rude/obscene words? Known virii? Unknown virii? Defined file types? War and Peace? Annoying signatures with 200 lines of disclaimer? Dilbert comics?

-- Anthony.

> -----Original Message-----
> From: Brajesh Ranjan Panda [mailto:brajesh@xxxxxxxxxxxxxxxxx]
> Sent: Friday, 20 February 2004 15:09
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Content Scanning
>
> http://www.ISAserver.org
>
> Hi,
>
> Is there any tool or configuration which can scan the contents of the
> mails except "smtp screener".
>
> ____________________________________________
>
> Brajesh Ranjan Panda
> System Administrator
>
> Divas Offshore Software Technologies (P) Ltd.
> N-1/3, DLF Phase-II
> Gurgaon-122002, INDIA.
> Telephone: +91-124-501880-1 to 8
> Fax/Voice-mail: +91-124-5018044
>
> Web: www.divassoftware.com
> ____________________________________________
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> anthonym@xxxxxxxxxxxxxx To unsubscribe send a blank email to
> $subst('Email.Unsub')
> ------------------------------------------------------
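The outbound content check asked for in this thread (scan mail at the filter-enabled SMTP server for proprietary code or marked documents, then drop it or forward it to a person for analysis), as an added example that is not part of the original messages or of any ISA Server tool. The rule patterns, addresses and sample messages are constructed assumptions; it goes slightly beyond the thread by decoding each MIME part first, since an attachment travels base64-encoded and a match on the raw bytes would miss it.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Hypothetical site policy: rule name -> pattern treated as "must not leave".
RULES = {
    "source-code": re.compile(r"#include\s*[<\"]|\bdef \w+\(|\bpublic\s+class\s+\w+"),
    "confidential-marker": re.compile(r"\bcompany\s+confidential\b", re.I),
}


def part_text(part):
    """Decode one MIME part: undo base64/quoted-printable, then the charset."""
    payload = part.get_payload(decode=True) or b""
    return payload.decode(part.get_content_charset() or "utf-8", errors="replace")


def scan(raw: bytes):
    """Return ('deliver' | 'forward', hits); 'forward' means send to a reviewer."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = set()
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers hold no content of their own
        text = part_text(part)
        where = part.get_filename() or "body"
        hits.update(f"{name}:{where}" for name, rx in RULES.items() if rx.search(text))
    return ("forward" if hits else "deliver"), sorted(hits)


def sample(body, attachment=None):
    """Build a constructed outbound message (addresses are placeholders)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "dev@example.invalid", "ext@example.invalid", "status"
    m.set_content(body)
    if attachment is not None:
        m.add_attachment(attachment, maintype="application",
                         subtype="octet-stream", filename="notes.bin")
    return m.as_bytes()


if __name__ == "__main__":
    leak = sample("see attached", b"#include <stdio.h>\nint main(void){return 0;}\n")
    print(b"#include" in leak)  # is the marker visible in the raw wire bytes?
    print(scan(leak))
    print(scan(sample("Lunch at noon?")))
```

A check like this only sees mail that actually passes through the relay, which is why the thread pairs it with a rule denying direct outbound SMTP; web-based mail over SSL stays outside its view.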