Yes, and we *must* get SSL to SSL bridging OUTBOUND. In fact, from my reading of the HIPAA guidelines put out by the NIST, it could be easily argued that not requiring inspection of outbound tunnels should put you out of compliance. I would certainly testify to that assertion. Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Wednesday, April 13, 2005 9:44 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Terminal Service Port Change? http://www.ISAserver.org Need to start gathering user-agent signatures. Granted, all they need to do is generate random headers, but all we have to do is deny access to "all except"... ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Wednesday, April 13, 2005 19:39 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Terminal Service Port Change? http://www.ISAserver.org I see more programs coming out lately that are using http-tunneling to "punch-through" firewalls. Take Skype for an example, you don't even have to tell it any firewall information; it does its own probes and figures out how it can get through. Getting a bit more difficult to filter the tunnelers, they look like normal web traffic... What's your take on them? -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, April 13, 2005 22:19 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Terminal Service Port Change? http://www.ISAserver.org Hey Jim, You being in the belly of the beast, as it were, you might have some insight into why developers of network enabled application don't seem to realize that there are these fancy things called "firewalls" that control access to and from the Internet, you know, for security reasons and stuff. Did they miss that meeting, or not even get the memo? Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx