RE: Content Scanning

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Sun, 22 Feb 2004 12:42:03 -0600

Hi Jim,

While it is true that the SSL inbound tunnel is broken, I think that SSL
to SSL bridging is a reasonable compromise because none of the traffic
is exposed "on the wire". In contrast, I think that SSL to HTTP bridging
is intolerable, because it exposes the communications on the back end.
However, you could use IPSec to solve that problem (I think, I haven't
tested it, but other people have mentioned to me that they've done this
and it works for them).

Thanks!
Tom 

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Sunday, February 22, 2004 11:29 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Content Scanning

http://www.ISAserver.org

The problem with scanning any traffic (especially SSL) is knowing ahead
of time what service is handling it.
The Web Poxy and Firewall services don't inter-communicate, so they
can't "hand off" to each other.
Thus, if you only have a web filter, firewall-service traffic wont get
scanned and vice versa for an application filter...

SSL traffic is doubly problematic in this regard, since:
- Web Proxy:
in forward proxy mode, the web proxy tunnels the SSL traffic, and thus
has no access to the data.
- Firewall service
in either fwd or rev mode, the Firewall service never terminates the
connection and thus has no access to the data

In either case, to decrypt and scan the data, ISA would have to
terminate and recreate the SSL session, thus breaking the SL "chain of
trust".  In many instances, this would be intolerable (client certs to
the upstream sever, for instance).

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Sat, 21 Feb 2004 20:11:15 -0800
 "David Haam" <DavidH@xxxxxxxxxxxx> wrote:
http://www.ISAserver.org

One key to make something work is to be able to scan also outbound
activity. If the users are using a standard SMTP client to send
outbound, you can set up the ISA rules to DENY outbound SMTP traffic,
and provide outbound only via your filter-enabled SMTP server
(filtering/monitoring by whatever product/solution you so choose).

If the users are using some web-based email client then, it gets
tougher. Anyone have an ISA extension tool that can do that kind of
content monitoring? Maybe even able to see inside SSL packets?



 

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, February 21, 2004 5:53 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Content Scanning

http://www.ISAserver.org

That's a tough one.
Maybe GFI Mail Security or something like that/ You'd need something
that the mail server can "talk to".

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Sat, 21 Feb 2004 12:37:47 +0530
 "Brajesh Ranjan Panda" <brajesh@xxxxxxxxxxxxxxxxx> wrote:
http://www.ISAserver.org

Hi jim,

Ya that is good i am also doing that. But take a situation my client is
a software development organisation. So they want to scan their internal
mail content's,,,,, if there is any type of company proprietory codes/
may be some mangerial information going out-side then it will be droped
or forward to any other person for analysis like smtp screener. If there
is any worm/TH then it of course caught by the Antivirus. But I want a
customise scanning of the content's.

perhaps   now u get my question.

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, February 21, 2004 6:16 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Content Scanning


http://www.ISAserver.org

Yep; I use an antivirus scanner on my mail server.
Since your internal users send mail without ever touching the ISA,
you're missing a bet if you don't scan at the mail server itself.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message -----
From: "Brajesh Ranjan Panda" <brajesh@xxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, February 19, 2004 20:27
Subject: [isalist] RE: Content Scanning


http://www.ISAserver.org


Hi jim

have u any solution with ur tools ???????
-----Original Message-----
From: Anthony Michaud [mailto:anthonym@xxxxxxxxxxxxxx]
Sent: Friday, February 20, 2004 9:45 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Content Scanning


http://www.ISAserver.org

For what?

Rude/obscene words? Known virii? Unknown virii? defined file types?  War
and Peace? Annoying signatures with 200 lines of disclaimer?  Dilbert
comics?

--
Anthony.

> -----Original Message-----
> From: Brajesh Ranjan Panda [mailto:brajesh@xxxxxxxxxxxxxxxxx]
> Sent: Friday, 20 February 2004 15:09
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Content Scanning
>
>
> http://www.ISAserver.org
>
> Hi,
>
> Is there any tool or configuration which can scan the contents of the 
> mails except "smtp screener".
>
> ____________________________________________
>
> Brajesh Ranjan Panda
> System Administrator
>
> Divas Offshore Software Technologies (P) Ltd.
> N-1/3, DLF Phase-II
> Gurgaon-122002, INDIA.
> Telephone: +91-124-501880-1 to 8
> Fax/Voice-mail: +91-124-5018044
>
> Web: www.divassoftware.com
> ____________________________________________
>
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org Windows 
> Security Resource Site: http://www.windowsecurity.com/ Network 
> Security Library: http://www.secinf.net/ Windows 2000/NT Fax
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:

> anthonym@xxxxxxxxxxxxxx To unsubscribe send a blank email to 
> $subst('Email.Unsub')
>

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
brajesh@xxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
brajesh@xxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
davidh@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

Other related posts:

• » Content Scanning
• » RE: Content Scanning
• » RE: Content Scanning
• » RE: Content Scanning
• » RE: Content Scanning
• » RE: Content Scanning
• » RE: Content Scanning
• » RE: Content Scanning
• » RE: Content Scanning
• » RE: Content Scanning
• » RE: Content Scanning
• » RE: Content Scanning
• » RE: Content Scanning

1. Home
2. isalist
3. Archive
4. 02-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---