[Owasp-sydney] tunneling proxy
graham_chow at yahoo.com
Thu Mar 10 02:14:37 EST 2011
Having some time on hand, a little bit of effort was consumed building a homebrew tunneling proxy. It got me thinking, how does a corporate network protect itself against these sorts of vunerabilities.
The only protection known is
1) proxy to mandate ip addresses that resolve to real dns names that have existed for a period of time.
2) use NTML authenticate proxy (technical barrier)
3) black list certain third party software/traffic hence the homebrew effort
4) payload inspection (need to use encryption - other than ssl)
5) Don't give admin access to users (we have - although is admin required)
More information about the Owasp-sydney