Re: ISA, HTTPS, and Hotmail

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 28 Aug 2001 09:30:11 -0700

Actually, I traced it and what they do is POST the username/pw in HTTPS,
then switch back to HTTP for the rest of the transaction, so even if you
cache your login info, it'll still get sent HTTPS.  Nice security measure,
but a pain in the YKW for protocol blocking.
I'm not entirely sure that using OE would change that behavior, since it's
still an HTTP mail connection.



Jim Harrison
MCP(2K), A+, Network+, PCG

----- Original Message -----
From: "Thomas W. Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, August 27, 2001 8:41 AM
Subject: [isalist] Re: ISA, HTTPS, and Hotmail


http://www.ISAserver.org


Hi Elizabeth,

A ha! I see the difference. I have my password information stored on the
local machine, which you probably cannot do in an .edu environment.

I can't think of a way to handle this kind of exception handling. That
is, to create an exception to a Protocol Rule based on a Site and
Content Rule or Destination Set.

You might try having them access their Hotmail through OE. I don't
*believe* that goes through HTTPS.

HTH,
Tom
www.isaserver.org/shinder


Thomas W Shinder, M.D., MCSE, MCT



-----Original Message-----
From: Carter, Elizabeth [mailto:ecarter@xxxxxxx]
Sent: Monday, August 27, 2001 10:08 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA, HTTPS, and Hotmail




We are using Internet Explorer and going to Hotmail.com.  After entering a
Hotmail username and password, the following link flashes up, after which it
returns immediately to a non-https site.

https://lc2.law5.hotmail.passport.com/cgi-bin/dologin


*****************************************
Elizabeth C. Carter
Director of Information Technology
Virginia Episcopal School
400 VES Road
Lynchburg, VA  24503
434-385-3665 office
434-385-3667 fax





-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Monday, August 27, 2001 10:49 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA, HTTPS, and Hotmail




Hi Elizabeth,

I can log in and check my mail. There is no trace of HTTPS. Are they
using something funky like MSN Explorer or something else unusual?

Can they access their Hotmail account via OE?

Thanks!

Tom
www.isaserver.org/shinder


Thomas W Shinder, M.D., MCSE, MCT



-----Original Message-----
From: Carter, Elizabeth [mailto:ecarter@xxxxxxx]
Sent: Monday, August 27, 2001 9:11 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA, HTTPS, and Hotmail




Are you actually logging IN to a Hotmail account?  The students can access
the site, but can't log in.  I can access the site and log in.  The only
difference between my account and the student accounts is the https protocol
rule.

*****************************************
Elizabeth C. Carter
Director of Information Technology
Virginia Episcopal School
400 VES Road
Lynchburg, VA  24503
434-385-3665 office
434-385-3667 fax





-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Monday, August 27, 2001 9:34 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA, HTTPS, and Hotmail




Hi Elizabeth,

Hmmm. When I connect to Hotmail it doesn't show any HTTPS entries in the
Web Proxy log.

I also blocked HTTPS access and didn't have problems accessing Hotmail
via the browser.

HTH,
Tom
www.isaserver.org/shinder


Thomas W Shinder, M.D., MCSE, MCT



-----Original Message-----
From: Carter, Elizabeth [mailto:ecarter@xxxxxxx]
Sent: Monday, August 27, 2001 8:22 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA, HTTPS, and Hotmail




Perhaps I'm not making myself clear.  The admins, adults, etc. are fine as
they are, the https protocol rule does not apply to them.  But the student
group is unable to log on to Hotmail, they are blocked because of the https
rule, apparently Hotmail requires it to log on?

*****************************************
Elizabeth C. Carter
Director of Information Technology
Virginia Episcopal School
400 VES Road
Lynchburg, VA  24503
434-385-3665 office
434-385-3667 fax





-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Sunday, August 26, 2001 12:53 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA, HTTPS, and Hotmail




I don't envy you your job!  I've seen the joy of trying to balance access
lists for the public library; trying to keep the Internet raceway running at
full speed while patching the guardrails is no easy task.

The good news is that, while they _can_ use https to make their initial
Hotmail connection, there's no real need to do so.  Hotmail will accept
https connections for sign-in, but drops the user back to http for the rest
of the session.  Thus, no benefit for using HTTPS to Hotmail.

I would recommend following Tom's suggestion.

Jim Harrison
MCP(2K), A+, Network+, PCG

----- Original Message -----
From: "Carter, Elizabeth" <ecarter@xxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, August 26, 2001 8:32 AM
Subject: [isalist] ISA, HTTPS, and Hotmail




This may be a simple issue, but we need some assistance.  We are a boarding
high school and have blocked access to HTTPS sites with a protocol rule for
the Student group on ISA.  We do not want them going to sites such as
https://safeweb.com to bypass our internet content filtering which runs on a
Compaq Tasksmart server.  We do have the ports open on our Cisco router and
the site is open on our Tasksmart filter/cache server so adults have access
to https sites.  However, we DO want the students to be able to use Hotmail
accounts.  Is there a way to allow access to this particular https site
without having to open all https sites?  Thanks for any help you can
provide.

*****************************************
Elizabeth C. Carter
Director of Information Technology
Virginia Episcopal School
400 VES Road
Lynchburg, VA  24503
434-385-3665 office
434-385-3667 fax
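
The exception asked for in this thread, sketched as a proxy decision function (an added example, not part of any message above and not ISA Server configuration): one group is denied HTTPS tunnels except to the sign-in host family quoted in the thread. The group names, rule layout, function names and sample requests are assumptions made for illustration.

```python
# Added example: per-group HTTPS block with a destination-set exception.
# Rule layout, group names and sample requests are assumptions;
# this is not ISA Server syntax.

BLOCKED_GROUPS = {"Students"}                  # groups with HTTPS denied
HTTPS_EXCEPTIONS = ("hotmail.passport.com",)   # parent of the dologin host in the thread
ALLOWED_PORTS = {443}

def host_in_set(host, domains):
    """Match host against domains on a label boundary, case-insensitively."""
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def parse_connect_target(target):
    """Split the host:port authority carried by an HTTP CONNECT request."""
    host, sep, port = target.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError("malformed CONNECT target: %r" % target)
    return host, int(port)

def decide(group, method, target):
    """Return 'ALLOW' or 'DENY' for one proxy request."""
    if method != "CONNECT":          # plain HTTP stays with the content filter
        return "ALLOW"
    if group not in BLOCKED_GROUPS:  # adults and admins are not restricted
        return "ALLOW"
    try:
        host, port = parse_connect_target(target)
    except ValueError:
        return "DENY"                # fail closed on anything unparseable
    if port in ALLOWED_PORTS and host_in_set(host, HTTPS_EXCEPTIONS):
        return "ALLOW"
    return "DENY"

# Constructed sample requests: (group, method, target)
SAMPLES = [
    ("Students", "CONNECT", "lc2.law5.hotmail.passport.com:443"),
    ("Students", "CONNECT", "safeweb.com:443"),
    ("Students", "CONNECT", "hotmail.passport.com.example.net:443"),
    ("Students", "CONNECT", "lc2.law5.hotmail.passport.com:8443"),
    ("Adults", "CONNECT", "safeweb.com:443"),
    ("Students", "GET", "http://www.hotmail.com/"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(decide(*sample), sample)
```

Matching on a label boundary and pinning the port keeps the exception from widening to lookalike hostnames or to tunnels on other ports.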



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


