Newsgroup filtering with host server software - Page 2

Re: Newsgroup filtering with host server software
Moe Trin wrote, On 29/12/07 17:37:

<snip>

Personally I always ask *before* connecting my notebook (personal or
company) into another company's network. Not only does it save me
getting a bollocking but it is only the polite thing to do. In my office
though I am one of the people to be asked, so I give myself permission ;-)

Actually, I was given permission to hook my personal notebook into the
company network before I had anything to do with our IT department.

<snip>

Where I used to work the rule was that you were not allowed to have a
mobile switched on in the office (security) so I don't know if they
would have worked. One place I visited you were not allowed to take a
mobile on-site, not even if it was switched off!

For some in our company external email outnumbers internal. For almost
everyone in our company external email is more likely to be sensitive.

Plain text email works extremely well in a webmail portal :-)

I agree that hypertext in email is bad, and so are large attachments.

Well, if something could be deemed sufficiently sensitive I would agree
that only company machines should be able to access it, after all any
other machine could log it even if it was encrypted in transit.

Agreed.

<snip>

I'm in the *nix part of our shop (says the only person in the company
with a company MSDN subscription). Some development (I've slowly been
getting one of our applications to use some sensible security where I
have been rewriting them), some consultancy (for which I believe I
should understand enough about security not to make a fool of myself),
some work on our internal systems (the *nix boxes) and various other things.

So my personal notebook runs Linux (which helps make it safe) and my
company notebook runs Vista (so I hit problems *before* customers), but
none of my Windows machines over the years have ever had a virus as far
as I know, and the AV SW is only triggered when I *deliberately* trigger
it (in known safe ways).

Well, late last year I suggested we lock down the machines (currently
everyone has Admin access on their Windows machines). We shall see what
happens. However, since then we have already had a couple of incidents
which we would not have had with locked down machines.

Thanks, I will get that done.

I used to work in the defence industry so I know all about *that* sort
of security.

Thanks.


I may well try and get my company to buy a copy. We *do* use Linux a lot
including for hosted services that we provide.

We have something similar here in the UK.

I'm sure there are. However, currently I'm taking the attitude that
Windows is Somebody Else's Problem. Apart from stirring up trouble on
the Windows side by pointing out problems, that is.
--
Flash Gordon

Re: Newsgroup filtering with host server software
On Sat, 29 Dec 2007, in the Usenet newsgroup comp.security.firewalls, in article

I think some of the people we have problems with simply don't want to
read policy, and don't understand why there might be a reason for it.

It's _quite_ the reverse here. I have a "company" system at home, and
it's on its own leased connection to the company, and must not be
connected to my home LAN.  Well, my wife has the same type of setup,
so we have our own lan with a half-dozen systems, and two more
isolated from everyone else. At least the companies are providing the
hardware and paying for the extra links.

I rarely visit customer sites any more, but have run into this before.
One site I visited freaked out over a portable CD player. I had to
take it out and leave it in the rental car.

Ah, OK - have you looked through the HOWTOs?  Some are quite dated,
but still useful.

<bites tongue>

That was a major issue at my wife's company, and was the reason someone
got 0wn3d there.  They did try to lock things down, but everyone was
moaning that it made their systems unusable.   Yeah, right. The "single
user" tradition of windoze is hard to overcome.  You can set a windoze
box up such that admin isn't needed, but it takes some effort and most
users (*nix as well as windoze) don't want to learn anything because it
must be nerdy, hard, or fattening.

Yeah, isn't it fun?   Actually, Defense is only a small part of The
Problem - we run into landmines from the Securities and Exchange
Commission (stock market), as well as the Departments of Education,
and Health And Human Services.

-rw-rw-r--  1 gferg    ldp         22582 Feb  6  2004 Reading-List-HOWTO

Eric dropped his listing of the 'Practical UNIX and Internet Security'
book some time ago (considered it "dated"), but lists two other books he
found useful.   The LDP guides are also useful, but less so due to their
age. The newest one on security is five years old.

My problem (both at work and at home) is budgetary - plus I like to
read.  I've got quite a number of their books, and have to sneak new
ones into the house.

Of course - nothing wrong with that  ;-)

        Old guy

Re: Newsgroup filtering with host server software
X-No-Archive: Yes

If business takes you to the middle east, yes. Because some countries,
particularly Syria and Saudi Arabia are blocking access to port 25
and 110 mail servers outside the country. But if the company sets
up an SSL mail server on an odd port, the authorities in those countries
will not be able to figure out what you are up to when you try and
access an SSL-encrypted mail server back at company headquarters.
The government censors would see a bunch of encrypted packets
going out on a strange port, but they would not be able to figure out
what you were up to.



Re: Newsgroup filtering with host server software
Chilly8 wrote:

Please take a short lookup on the term "man-in-the-middle attack".

Re: Newsgroup filtering with host server software
X-No-Archive: Yes

You could double-encrypt it. If you have a broadband connection
at home, you could set up an encrypted connection, that would
first encrypt on your home server, and then encrypt over that,
when going to the company server. Currently there are three
countries worldwide, Syria, Saudi Arabia, and Myanmar, that
block Hotmail, Gmail, etc, etc, at the national level, as well
as all port 25 and 110 mail traffic to and from servers outside
the country. But this method of double-encryption would even
foil man-in-the-middle attacks. The MOTM would decrypt
the first level of encryption, but not the second.

I use heavy encryption when I go to China to broadcast
figure skating events, because China is one of a handful
of countries that block Skype, and I use that to take incoming
calls for the talk show I run. I have an encrypted proxy
that requires a small client program to be run. I run that,
then change the browser settings to that proxy, and
connect to Skype through that. This is a proprietary
encryption system, impervious to MOTM attacks.
So the people monitoring the "Great Firewall Of
China" will have no idea what I am up to, since I
am using a product with a non-standard proprietary
encryption, that supports Socks and HTTP. They
would know I was making a connection to a strange
address, using a strange encryption routine that MOTM
attacks could not decode, but there is no POSSIBLE
way the censors at the Great Firewall Of China could
POSSIBLY know that I was taking incoming calls
via Skype. I have been to China twice, since I switched
my station's phone service to Skype in 2006, and
have NEVER had problems using my encrypted proxy
to use Skype. I was there for the Winter Asian Games
in January of this year, and for Cup Of China in
November. That's another option, if you have to use
services, for your work, that may be blocked in the
country you are travelling to. If you use a non-standard
encryption system that cannot be decoded through a
standard MOTM attack, then the government censors
cannot figure out what you are up to.

And if your company's mail server also uses encryption,
using a program like that will, like I said, encrypt it
twice, so that even if they could get a man in the
middle attack to work, they would only uncover
ONE layer of encryption at best.



Re: Newsgroup filtering with host server software
Chilly8 wrote:


That won't help, since it's a proxied connection.

Re: Newsgroup filtering with host server software
X-No-Archive: Yes

Well, in China, I have no problem using Skype through my private
encrypted proxy. Just run the small client program, log on to
my proxy, then change my browser settings to use it. It is
encrypted using that product's proprietary encryption
protocol. Because it's expensive to licence, for large
numbers of users, I rarely allow any outsiders to use
that proxy. I have a Tor entry proxy for public use, instead.
I have been to China twice, since we started using
Skype, and have been able to use Skype, when
doing my talk show on location from China, and have had
no problems with the local authorities, because the people
watching the Great Firewall Of China would have NEVER
been able to figure out what I was up to.

The one and only time I let an outsider use my proxy was
in February of '07 when that one Canadian skater got
injured, and one person, who was a very good friend of
hers, wanted to keep up on what was going on, from her
workplace, without the boss knowing about it, so I gave
her a login and password to my encrypted proxy. She just
then downloaded the client program from my machine,
logged on through that, just changed some browser settings,
and she was surfing GoldenSkate, Figure Skating Universe,
as well as my message board, as well as listening to my
broadcast, and her employer in Canada had no CLUE as
to what she was up to. I am always glad to help another
figure skating fan, especially in a situation like this, where
this one injured skater was this person's dear friend.
Sure, people like Leythos might call what I did unethical,
but I considered it the human thing to do under this
circumstance.



Re: Newsgroup filtering with host server software
Chilly8 wrote:


We were talking about Syria and Saudi-Arabia, whose implementations are less
lousy than the great joke of China.


I'm sorry to tell you that he most likely was. Due to man-in-the-middle,
going undetected due to an installed certificate (by administration).

Re: Newsgroup filtering with host server software
X-No-Archive: Yes

Not with the proprietary non-standard encryption that proxy uses
(which is why it is so expensive to licence for large numbers of
users). This is a proprietary encrypted proxy that is made in
Eastern Europe. It uses a non-standard algorithm that no
man-in-the-middle attack could POSSIBLY intercept. Employers,
countries, and the like, can try all the MOTM attacks I want, but
the proxy solution that *I* use is IMPERVIOUS to such attacks,
so there was no POSSIBLE way for this woman's employer to
detect what she was up to. The only thing they would know is
that she made a connection to a strange address and port, using
an unknown encryption algorithm, but they would not know
anything beyond that. This is a proprietary encryption algorithm
that cannot be intercepted by any MOTM attack.






Re: Newsgroup filtering with host server software
Chilly8 wrote:

If it's not HTTPS, then it's terminated at the proxy and no communication
takes place.

Nonsense.


> I want, but the proxy solution that *I* use is IMPERVIOUS to
> such attacks,

Even more nonsense. It's trivial to terminate all non-proxied connections at
the proxy. Or it's trivial to launch a MITM attack directly at the
client.

And even more nonsense. Since it's the company's computer, they're free to
monitor the client to any extent.

> This is a proprietary encryption algorithm

Repeating your nonsense doesn't make it any less wrong.

Re: Newsgroup filtering with host server software

Why?  Hotmail offers free and "for pay" accounts with extra services.  It
can be reached anywhere through a browser and also through Windows Live Mail
on the XP/Vista desktop.  Hotmail is one component of the larger "Windows
Live Services" which can certainly meet the needs of small business.  If you
have a corporate job then fine you have corporate mail, but how about people
who are self-employed?  Just blocking hotmail is a very heavy handed way to
reduce spam.


Re: Newsgroup filtering with host server software
Victek wrote:


But you have to pay to get something as simple as a POP3 access. No, thanks,
GMX gives that for free.

The day when Microsoft decided to add a malus on the spam filtering for
every mail that doesn't use their proprietary SPF, Hotmail became a
spammer-only mail service. Using it for serious business has become impossible.

Since no serious business would use Hotmail, there are no false positives -
by definition.

Re: Newsgroup filtering with host server software
On Thu, 27 Dec 2007, in the Usenet newsgroup comp.security.firewalls, in article

I'll just say that (until I started dropping all 'hotmail', 'yahoo',
'gmail' and similar) ALL mail I've ever received from those domains
was spam.  Almost no exceptions.   At work, such domain names are an
indication that the sender doesn't care about appearances or data
security.

If the company is able to get business where you are required to travel,
they have the incentive to set up a local server where users can SSH in
to read their mail.

Does the business have an Internet presence?  Does it NEED to be sending
and receiving email? Then it probably has an Internet connection, and
the Internet provider will be happy to provide mail service. In the
neighborhood where I live, there is a mini-shopping center, with (going
from memory) an Italian restaurant, tax service*, pool supplies, real
estate*, insurance, wireless store*, grocery*, hair dresser, package
service*, eye glasses, fingernail care, and sandwich shop* (the ones
marked with a * are either a chain or franchise). EVERY ONE has an
email address, though several are Business_name@Cable_ISP. No hotmail
accounts or similar.

You may think so, but it's common.  These types of email providers do
not give the appearance of a serious business, never mind the amount
of spam that comes from there.  Also, unless your mail is encrypted
by the sender, I certainly wouldn't be sending sensitive mail anywhere
near those services.  Google (gmail) _is_ a data mining company, and
the reputation of Microsoft (hotmail) isn't exactly first rate.

        Old guy

Re: Newsgroup filtering with host server software
X-No-Archive: Yes

Windows is a MUST for computing existence. You cannot get along
without Windows, for many applications. For example, to run my
online radio station through Live 365, I HAVE to use Windows.

If you are not using Windows, you are missing out on a lot of stuff.



Re: Newsgroup filtering with host server software

That is without a doubt the funniest and stupidest thing I've ever seen
you spew. And you've spewed some very funny and stupid things.

Jason

Re: Newsgroup filtering with host server software
On Mon, 24 Dec 2007 20:57:12 GMT, Victek wrote:

You may wish to go to: news.software.readers
