John M. Stengel, WCSP, WCT 5/7/2010



Similar documents
Configuration Example

Configuration Example

Networking for Caribbean Development

Firebox X550e, Firebox X750e, Firebox X1250e Firebox X5500e, Firebox X6500e, Firebox X8500e, Firebox X8500e-F

Fireware Essentials Exam Study Guide

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM

GoToMyPC Corporate Advanced Firewall Support Features

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Intro to Firewalls. Summary

Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes.

Application Note. Onsight Connect Network Requirements v6.3

Proxies. Chapter 4. Network & Security Gildas Avoine

Guideline on Firewall

User Guide. You will be presented with a login screen which will ask you for your username and password.

Websense Web Security Gateway: Integrating the Content Gateway component with Third Party Data Loss Prevention Applications

Owner of the content within this article is Written by Marc Grote

WHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems

CTS2134 Introduction to Networking. Module Network Security

Securing Networks with PIX and ASA

Proxy Blocking: Preventing Tunnels Around Your Web Filter. Information Paper August 2009

Reverse Shells Enable Attackers To Operate From Your Network. Richard Hammer August 2006

Source-Connect Network Configuration Last updated May 2009

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

Web Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks

Installing and Configuring Websense Content Gateway

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

CSCE 465 Computer & Network Security

Inspection of Encrypted HTTPS Traffic

WatchGuard Training. Introduction to WatchGuard Dimension

Locking down a Hitachi ID Suite server

Introduction to Computer Security Benoit Donnet Academic Year

Configuring PA Firewalls for a Layer 3 Deployment

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

Quick Start 5: Introducing and configuring Websense Cloud Web Security solution

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

IBX Business Network Platform Information Security Controls Document Classification [Public]

Fireware How To Logging and Notification

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

SSL VPN Technology White Paper

Filling the Threat Management Gateway Void with F5

HTTPS Inspection with Cisco CWS

Configuration Example

Quick Note 026. Using the firewall of a Digi TransPort to redirect HTTP Traffic to a proxy server. Digi International Technical Support December 2011

WatchGuard Certified Training Partner (WCTP) Program

Information Technology Security Guideline. Network Security Zoning

SSL Inspection Step-by-Step Guide. June 6, 2016

A typical router setup between WebSAMS and ITEd network is shown below for reference. DSU. Router

Webinar Information. Title: Websense Remote Filtering Audio information: Dial-in numbers:

The Benefits of SSL Content Inspection ABSTRACT

AccessEnforcer. HTTPS web filter overview

DEPLOYMENT GUIDE Version 1.0. Deploying F5 with the Oracle Fusion Middleware SOA Suite 11gR1

Don t skip these expert tips for making your firewall airtight, bulletproof and fail-safe. 10 Tips to Make Sure Your Firewall is Really Secure

Move over, TMG! Replacing TMG with Sophos UTM

U06 IT Infrastructure Policy

DEPLOYMENT GUIDE Version 1.1. Deploying F5 with Oracle Fusion Middleware Identity Management 11gR1

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

Overview - Using ADAMS With a Firewall

Moving Beyond Proxies

Overview - Using ADAMS With a Firewall

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

Quickstart guide to Configuring WebTitan

INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM

DOWNTIME CAN SPELL DISASTER

White Paper Secure Reverse Proxy Server and Web Application Firewall

Firewalls (IPTABLES)

Best Practices for Controlling Skype within the Enterprise > White Paper

How To Control Your Network With A Firewall On A Network With An Internet Security Policy On A Pc Or Ipad (For A Web Browser)

Controlling Risk, Conserving Bandwidth, and Monitoring Productivity with Websense Web Security and Websense Content Gateway

The PA-4000 Series can add visibility and control into your network for webmail applications to stop incoming threats and limit uploaded data.

Chapter 3 Security and Firewall Protection

- Introduction to Firewalls -

University of Central Florida UCF VPN User Guide UCF Service Desk

HP Service Manager Architecture and Security HP Software-as-a-Service

Repeater. BrowserStack Local. browserstack.com 1. BrowserStack Local makes a REST call using the user s access key to browserstack.

The Next Level of Secure Channel Partnership

POLIWALL: AHEAD OF THE FIREWALL

Protecting Your Network Against Risky SSL Traffic ABSTRACT

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

Barracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent?

HTTPS HTTP. ProxySG Web Server. Client. ProxySG TechBrief Reverse Proxy with SSL. 1 Technical Brief

Testing Network Security Using OPNET

Configuration Example

Edge Configuration Series Reporting Overview

RL Solutions Hosting Service Level Agreement

F-Secure Messaging Security Gateway. Deployment Guide

Computer Security: Principles and Practice

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

How to Open HTTP or HTTPS traffic to a webserver behind the NetVanta 2000 Series unit (Enhanced OS)

Simple security is better security Or: How complexity became the biggest security threat

Firewalls & Intrusion Detection

WatchGuard Technologies, Inc. 505 Fifth Avenue South Suite 500, Seattle, WA

Firewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT

Network Security CS 192

Transcription:

Blocking GoToMyPC.com Access with WatchGuard XTM John M. Stengel, WCSP, WCT 5/7/2010

The Problem With businesses IT security growing companies are required to plug holes in their security infrastructure. Compliance and other regulations require auditing and logging of all activity. One major unmonitored area can be remote access to company resources. While this can be a productive way for employees to work it can lead to bigger issues. Picture this, with remote access software you can transfer files back and forth between local and offsite workstations. These files brought into your company may contain Trojans, malware, or other threats. These files sent out of your company could be used against you or sold to a competitor. Employee and client sensitive data could be leaked and your company could still be liable for damages. All information and activity logging while using remote access software may not be visible to IT administrators. Companies may have no way of tracking back what takes place during these remote sessions. This could leave companies vulnerable to risk and litigation. It is the responsibility of companies to protect this information. The purpose of this document is to describe in detail how to prevent remote access to company computers using GoToMyPC.com with a WatchGuard firewall. Why GoToMyPC.com Using a standard web blocking package such as WatchGuard s WebBlocker and Websense you have the ability to block access to Proxy sites. This will block access to sites such as logmein.com. What makes GoToMyPC.com unique is that once installed it tries to go out various ports to make a connection. It doesn t connect to a typical URL rather to an IP address. The IP address it connects to can be one of any number they have built into the software. This makes controlling access by IP virtually impossible. Additionally in our testing we observed that the agent tries to access the remote servers over a variety of ports such as 443 and 80. We were initially able to block the agent from working by adding a proxy to the SSL certificates passing through the channel. The issue with this was other valid sites also stopped working. With a lot of testing and using the granularity of the WatchGuard Proxy policies we were successful in shutting this off. Not only are we able to stop it from working we can even send an alert that the user is attempting access to the software. Environment To perform our testing we used a WatchGuard x750e running firmware 11.2.3. I do, however, think this will work in any version of Fireware.

In our environment we control access to outbound ports. We do not have an Outbound Any policy on our firewall so all outbound activity requires a rule. This is often referred to as Egress Filtering. We use the WatchGuard WebBlocker, HTTP, and HTTPS proxies for web browsing. How to Stop GoToMyPC.com The below steps are going to assume you are using HTTP and HTTPS Proxy Policies on your WatchGuard. Step 1 Blocking Port 8200 Create a new rule for TCP port 8200. The rule should be set to Denied, like below. This blocks access to the authorization request from the agent.

Step 2 WebBlocker If you have a license for WebBlocker it will add another level to your security. While you can still stop the agent without this, blocking access to the Proxies and Translators category will prevent them from even getting to the sites. Step 3 HTTP Proxy This is the most important step. When the agent calls out to an IP address it has some behavior that we can monitor. First it calls a URL with the term machinekey= in the line. Next at the time of connection it calls a service with the phrase jedi? in the line. Using these two in the proxy policy we were able to block the traffic. In the screen shot below you will see that I added those terms to the URL Paths section under the HTTP Request portion of the policy. I added them as *jedi?*, *Jedi?*, and *machinekey=*

Now I set mine to block if they are accessed. Reason being is as an Administrator I want to know that my employees have the agent installed. What happens in this scenario is when the agent calls out they are added to my Blocked Sites list. They are then required to call the help desk for access to the internet. This alerts staff that the agent is installed and action can be taken by management. Wrap Up Access to GoToMyPC.com is stopped. Nothing else is needed at the time of publication. The software may change overtime and we may need to adjust our logic. About the Author John M Stengel is a WatchGuard Certified Trainer with JStengel Consulting (www.jstengel.net). He works as a security consultant with companies in a variety of industries. JStengel Consulting is a WatchGuard Expert Partner and Certified Training Partner. Clients include retail, healthcare, schools, and government organizations.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information