Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com
To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com
You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."
Today's Topics:
1. Re: Linked-in and its Phishing-like contacts option!
(Jon Robinson)
2. Re: Linked-in and its Phishing-like contacts option!
(lordchariot@embarqmail.com)
----------------------------------------------------------------------
Message: 1
Date: Wed, 1 May 2013 09:44:36 -0700
From: Jon Robinson <jon@digitalscepter.com>
Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<CADR-zoPXU+5cR3evia-6FW2vVJu-BB7s9cARHRHDxLJQgdG=Zg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
It's not free but Palo Alto Networks does this. You can search here to see
which applications/sites they can control:
http://apps.paloaltonetworks.com/applipedia/
Jon Robinson
Digital Scepter
desk (951) 461-7868
mobile (562) 682-0821
jon@digitalscepter.com
On Tue, Apr 30, 2013 at 10:50 PM, Mathew Want <imortl1@gmail.com> wrote:
> Read only access to the sites. I like that idea a lot.
>
> Has anyone else come across this requirement or found a good way to do it
> at a control point level? Perhaps at the IDS layer?
>
> M@
>
>
> On 1 May 2013 02:20, <lordchariot@embarqmail.com> wrote:
>
>> > I'm honestly not sure how we could block this stuff in a web-proxy, or be
>> > alerted by an IDS rule short of just blocking the sites.
>> > (Maybe this will start more discussion. How would one try this?)
>>
>> I have a lot of requests from customers to try to make the web read-only.
>> The main use cases are for social network, blogs/wikis, and commenting on
>> posts. The fundamental ways to do this are to 1) have MITM SSL decryption,
>> and 2) block the POST method for specific sites. Most commercial proxies
>> can do this and even squid does SSL MITM.
>>
>> By blocking POST to certain categories of sites and only allowing the
>> POST for the */logon pages, users can view all the facebook/twitter/youtube
>> they want, but can't write anything outbound to the site. It's pretty
>> effective.
>>
>> e?
>> _____________________________________
>>
>> From: firewall-wizards-bounces@listserv.icsalabs.com [mailto:
>> firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Bruce Platt
>> Sent: Friday, April 26, 2013 7:41 AM
>> To: Firewall Wizards Security Mailing List
>> Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!
>>
>> I have a love/hate relationship with these as well. I was only tempted
>> down this perfidious path a few years ago when a set of my Grandchildren
>> asked me to get a Facebook account so we could interact that way as they
>> live on the other coast from me. I started disliking it within five
>> minutes when a former employer sent me a request to "friend" him. Then it
>> became an issue of who can I not be "friends" with among my contemporaries.
>>
>> Same with Linked-In, same with Twitter.
>>
>> Up to this point I'm just addressing the personal inconvenience aspect of
>> it, which is why I chose Crispin's post to which to reply.
>>
>> But, the larger issue is really the risk of exposing all sorts of
>> personal / corporate information in a variety of unwitting ways. This is
>> the part I hate. We've had many discussions about the risks of allowing
>> people to use social media web sites from work. It's a losing battle.
>> Entering one's email password is just one, and Linked-In is not the only
>> villain. I just made some flight reservations yesterday. The airline
>> website offered to add the reservation to my Calendar. Not let me download
>> a .cal file, but to directly insert it into my calendar. Uh, no. Not
>> today.
>>
>> But, this now gets added to our list of worst practices and meets
>> Paul's criteria of being part of overall operational security. I'm
>> honestly not sure how we could block this stuff in a web-proxy, or be
>> alerted by an IDS rule short of just blocking the sites. (Maybe this will
>> start more discussion. How would one try this?)
>>
>> Mix these with BYOD, and it makes a daunting task indeed.
>>
>> Cheers
>>
>> --
>> +------------------------------------+
>> Bruce B. Platt, Ph.D.
>> V.P. Research
>> ei3 Corporation
>> 136 Summit Avenue
>> Montvale, NJ 07645
>> Phone: +1-201-802-9080 ext. 404
>> Facsimile: +1-201-802-9099
>>
>> On Fri, Apr 26, 2013 at 12:53 AM, Crispin Cowan <crispin@crispincowan.com>
>> wrote:
>> I boycott all social media. I'm not opposed to social networking, but I
>> am opposed to some dot.com monetizing my relationships; I do all my
>> social networking via open protocols like e-mail, and having a beer with a
>> friend ?
>>
>> I broke this rule once, joining LinkedIn 5 years ago, because I needed a
>> job. LinkedIn was a total failure at getting a job, but attending ToorCon
>> and having a beer with someone I met there worked. I deleted my LinkedIn
>> account when I got tired of the "Foo wants to connect with you" spam. I'm
>> still getting LinkedIn spam.
>>
>> Screw social networking web sites. I don't have a FaceBook page or a
>> Twitter account, and never will.
>>
>> Funny, I never envisioned myself as Clint Eastwood yelling at kids to get
>> off my lawn, but here I am ?
>>
>> Sent from Windows Mail
>>
>> From: Gautier . Rich
>> Sent: Thursday, April 25, 2013 9:28 PM
>> To: Firewall Wizards Security Mailing List
>>
>> Thoughts? I'm wondering why User Operational Security falls under the
>> realm of Firewall Wizards.. Other than that, I'd say ? They're not alone
>> by any stretch of the imagination, and plenty of users seem to be perfectly
>> willing to accept the risk (or be unaware of it). However, not much you
>> can do on the firewall side other than turning off webmail access...
>>
>> Richard Gautier, CISSP
>> Enterprise Architect, Federal Group
>> 650 Massachusetts Avenue NW
>> Suite 510
>> Washington, DC 20001
>> Office: (571) 226-8828 | Cell: (703) 231-2156
>> rgautier@drc.com | www.drc.com
>>
>> From: firewall-wizards-bounces@listserv.icsalabs.com [mailto:
>> firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Mathew Want
>> Sent: Monday, April 22, 2013 7:30 PM
>> To: Firewall Wizards Security Mailing List
>> Subject: [fw-wiz] Linked-in and its Phishing-like contacts option!
>>
>> Hiya all.
>>
>> Has anyone else noticed the option to see who else they know is connected
>> on Linked-in? Have you noticed that if you click on the outlook button it
>> asks you for your WORK EMAIL PASSWORD!!!!!
>> Bloody hell! It's not like the job of getting users to not submit this
>> information to other sites isn't already hard enough without this!!! The
>> "can't put brains in pumpkins" department must be having a field day over
>> this.
>> Am I the only one that thinks this is a touch negligent on the part of
>> Linked-in? Or should I just accept that it is corporate facebook, accept
>> that they have the same moral fibre and move on?
>> Maybe I am expecting too much? Thoughts?
>> --
>> Regards,
>> M@
>> --
>> "Some things are eternal by nature,
>> others by consequence"
>
>
>
> --
> "Some things are eternal by nature,
> others by consequence"
------------------------------
Message: 2
Date: Wed, 1 May 2013 15:20:09 -0400
From: <lordchariot@embarqmail.com>
Subject: Re: [fw-wiz] Linked-in and its Phishing-like contacts option!
To: "'Firewall Wizards Security Mailing List'"
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <000301ce46a0$e5ebf180$b1c3d480$@embarqmail.com>
Content-Type: text/plain; charset="utf-8"
Yeah, I was trying to make this non-product specific, but most vendors can actually do this to some degree or another.
Here's how we do it on my product:
https://mcafee.box.com/MWG7-FeatureDemo-Part2
The problem with doing it at a network layer with an IDS is the SSL decryption. Almost everything nowadays is HTTPS, so it's game over if you cannot open up the encryption.
e?
------------------------------
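Added example, not part of the original thread and not any vendor's configuration: a small model of the read-only policy described above (block writes to a category of sites, allow POST only to logon pages), including the CONNECT case where the proxy cannot see method or path without TLS interception. The domain list, logon names, sample paths, the extension from POST to other write methods, and the choice to deny when interception is unavailable are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed policy values (assumptions for illustration, not from the thread).
READ_ONLY_DOMAINS = {"facebook.com", "twitter.com", "youtube.com", "linkedin.com"}
LOGON_SEGMENTS = {"logon", "login"}          # stands in for the "*/logon" pages
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}  # the thread names POST only


def in_read_only_category(host):
    """True if host is a listed domain or any subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in READ_ONLY_DOMAINS)


def decide(method, target, tls_intercept=True):
    """Return the proxy action for one request.

    target is "host:port" for CONNECT, otherwise an absolute URL as seen
    by the proxy (for HTTPS that means after TLS interception).
    """
    method = method.upper()
    if method == "CONNECT":
        host = target.rsplit(":", 1)[0]
        if not in_read_only_category(host):
            return "tunnel"
        # Inside an opaque tunnel the proxy sees neither method nor path, so
        # read-only cannot be enforced: intercept, or block the whole site.
        return "intercept" if tls_intercept else "deny"
    url = urlsplit(target)
    if not in_read_only_category(url.hostname or ""):
        return "allow"
    if method not in WRITE_METHODS:
        return "allow"                      # GET/HEAD: reading stays possible
    last_segment = url.path.rstrip("/").rsplit("/", 1)[-1].lower()
    if method == "POST" and last_segment in LOGON_SEGMENTS:
        return "allow"                      # users can still sign in
    return "deny"                           # no outbound writes


# Constructed sample traffic (method, target); all paths are made up.
SAMPLES = [
    ("CONNECT", "www.linkedin.com:443"),
    ("GET", "https://www.linkedin.com/feed/"),
    ("POST", "https://www.linkedin.com/uas/login"),
    ("POST", "https://www.linkedin.com/contacts/import"),
    ("POST", "https://intranet.example.com/wiki/save"),
]

if __name__ == "__main__":
    for method, target in SAMPLES:
        print(f"{decide(method, target):9} {method:7} {target}")
```
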
End of firewall-wizards Digest, Vol 65, Issue 2
***********************************************