headers
Garry Baker | 1 Oct 2008 08:11
Picon
Favicon

Re: Open Source Web Content/URL Filter

http://dansguardian.org/?page=introduction

--- vaporad <at> live.com wrote:

> My company is looking into open source alternatives
> to our Websense application.  The application would
> need to be AD aware and have transparent
> authentication.  Does anyone have any experience
> with a open source web content/url filters?
> 
> Thanks in advance
> 

--

-- 
Garry L. Baker

"Man is not intended to see through the eyes of another, hear through another's ears nor comprehend with
another's brain... Therefore depend upon your own reason and judgment and adhere to the outcome of your
own investigation…"  -`Abdu'l-Bahá
Permalink | Reply | 0 comments |
headers
Rodrigo Blanco | 1 Oct 2008 09:10
Picon

Re: Terminal services

Hi Fernando,

I would say there are two possibilities: either the application you
wnat to make available for your end users is web, or not
(client-server).

If it is a web aplication, the VPN SSL would be a good solution (for
enhanced security, you could think of providing your users with OTP
tokens, so that even if in the non-controlled PCs they are using there
was some kind of malware / keylogger, no falw is introduced by
enabling this access). VPN SSL is especially convenient since it
provide virtually ubiquitous access (it just requires a browser, no
need to install any software client), and normally remains transparent
for the internal application (behaviour similar to a reverse proxy).

If it is not a web application, you can still publish it through VPN
SSL. If the software client of the application can be installed on the
PCs, you can tunnel the trafiic through port forwarding (usually as an
applet or ActiveX from the VPN SSL). Apart from requiring the ability
to install software on the public PC (which is usually not the case),
this may also pose security concerns about pieces of information
remaining on the non-controlled PC as cache / temp files / RAM
memory... The other option is to publish the application in a
thin-client architecture (terminal server, citrix...), and enable
access through the VPN SSL through a port forwarder. The advantage of
this approach is that neither does the application need to be
installed on the public PC, nor does it run on it, so no sensitive
information can be expected to remain on it after the session has been
closed.
(Continue reading)

Permalink | Reply | 1 comment |
headers
Nikhil Wagholikar | 1 Oct 2008 09:19
Picon

Re: Terminal services

Hi Velzaf,

I guess this article can help you with your problem:

How Secure are Windows Terminal Services?
Link: http://www.windowsecurity.com/articles/Windows_Terminal_Services.html

---
Nikhil Wagholikar
Practice Lead | Security Assessment & Digital Forensics
NII Consulting
Web: http://www.niiconsulting.com/
Security Products: http://www.niiconsulting.com/products.html

On Wed, Oct 1, 2008 at 1:31 AM, <velzaf <at> hotmail.com> wrote:
>
> Hi guys
>
> I need an opinión from you related to terminal services.  I need to provide a solution to allow some
external clients to connect via Internet to a specific application.  Those clients will use a laptop that
don't belong to the enterprise, in fact they are not secure clients and we don't have any contact with the
computers they connect with just to configure the connection.
>
> I have been thinking about the use of VPN, but I am not sure because their insecurity, I think TLS could be an
option but I have not experience implementing that sort of solution, and I worry about their using several
tools like tsgrinder or something like that.  I know I need to restrict their options to the maximum maybe
using Active directory.
>
>
> The server is Windows Server 2003
(Continue reading)

Permalink | Reply | 1 comment |
headers
Vega - Brunello Ivan | 1 Oct 2008 11:15
Picon

R: Terminal services

I'm not tied to vmware, but i find their product worth checking.

1) http://www.vmware.com/products/thinapp/ package everything on a standalone application
2) http://www.vmware.com/products/ace/ package a single, secure instance on a vmware image you can give
your partner.

Another option could be playing tightly with some good WebVPN system (I've been playing with Cisco ASA, and
it seems quite flexible).

Sadly, none of the above option come at low price.
Luckily, there could be many other alternatives (cheaper and better) I'm not aware.

Ivan Brunello
System & Network Management

***********************************************************************************************************************************************************************************
Le informazioni contenute nel seguente messaggio di posta elettronica e negli allegati sono riservate e
confidenziali; ne è vietata la lettura,
la copia, la comunicazione e la diffusione in qualunque modo eseguite ai sensi dell'art. 616 del Codice
Penale. 
Qualora Lei lo abbia erroneamente ricevuto è tenuto ad eliminarlo, dandone gentilmente comunicazione
al mittente tramite mail di ritorno.
***********************************************************************************************************************************************************************************
 
> -----Messaggio originale-----
> Da: listbounce <at> securityfocus.com [mailto:listbounce <at> securityfocus.com]
> Per conto di velzaf <at> hotmail.com
> Inviato: martedì 30 settembre 2008 23.31
> A: security-basics <at> securityfocus.com
> Oggetto: Terminal services
(Continue reading)

Permalink | Reply | 0 comments |
headers
Ramki B Ramakrishnan | 1 Oct 2008 16:02
Picon

RE: Open Source Web Content/URL Filter


Squid Guard - http://www.squidguard.org/
DansGuardian - http://dansguardian.org/

HTH, Ramki
-----
Ramki B. Ramakrishnan
Security Enthusiast
GIAC:GSEC, CvA

-----Original Message-----
From: listbounce <at> securityfocus.com [mailto:listbounce <at> securityfocus.com] On
Behalf Of vaporad <at> live.com
Sent: Tuesday, September 30, 2008 10:30 PM
To: security-basics <at> securityfocus.com
Subject: Open Source Web Content/URL Filter

My company is looking into open source alternatives to our Websense
application.  The application would need to be AD aware and have transparent
authentication.  Does anyone have any experience with a open source web
content/url filters?

Thanks in advance
Permalink | Reply | 1 comment |
headers
velzaf | 1 Oct 2008 15:49
Picon
Favicon

Re: Terminal services

Thanks to all of you guys for your answers, well we already thought in a stand alone solution, vmware could be
a very good option, but the application use a dongle in a USB memory and it is located at the server and the
proccess to synchronize the stand alone application is very difficult, furthermore it is a third party
application, so we ruled out that option, in the other hand the application is not Web at all, it coul be
implemented with some funtions but is not the interest of the enterpriese and the only one solution we saw
is the use of Terminal Server.
Permalink | Reply | 2 comments |
headers
Michel Ferreira | 1 Oct 2008 15:57
Picon
Gravatar

Including traceroute info on zenmap topology

I have information of a traceroute from a host and i want to include
this info on a topology generated by zenmap, without running the tool
on this host. Is there any way to do this ?

Thanks in advance,
Michel
Permalink | Reply | 0 comments |
headers
Ansgar Wiechers | 1 Oct 2008 01:38
Favicon

Re: Anti-Phishing with digital watermarking

On 2008-10-01 Razi Shaban wrote:
>> Since it doesn't interfere with their phishing attempt: why would
>> they remove any of the original content? However, a script that's
>> supposed to detect a phishing attempt is a whole different matter.
> 
> A script that is supposed to detect a phishing attempt is the actual
> topic of this discussion. You come in here telling everyone they're
> doing everything wrong, and you don't even know what's being
> discussed? What?

You lack reading comprehension. There is no need for a phisher to tamper
with the original content as long as that original content doesn't
interfere with the phishing attempt. Once that premise changes, it is
unreasonable to assume that phishers *still* won't tamper with the
orignial site's content. Isn't that obvious?

Regards
Ansgar Wiechers
--

-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
Permalink | Reply | 0 comments |
headers
Vega - Brunello Ivan | 1 Oct 2008 10:56
Picon

R: Open Source Web Content/URL Filter

Dansguardian (www.dansguardian.org) comes to mind...

Ivan Brunello
System & Network Management

> -----Messaggio originale-----
> Da: listbounce <at> securityfocus.com [mailto:listbounce <at> securityfocus.com]
> Per conto di vaporad <at> live.com
> Inviato: martedì 30 settembre 2008 19.00
> A: security-basics <at> securityfocus.com
> Oggetto: Open Source Web Content/URL Filter
> 
> My company is looking into open source alternatives to our Websense
> application.  The application would need to be AD aware and have
> transparent authentication.  Does anyone have any experience with a
> open source web content/url filters?
> 
> Thanks in advance
Permalink | Reply | 0 comments |
headers
H. Kurth Bemis | 1 Oct 2008 05:45
Favicon
Gravatar

Re: Open Source Web Content/URL Filter

squid+dansguardian authenticating from AD (LDAP) is pretty 
straightforward to setup.  I found everything I needed Googling around 
and at the squid and dansguardian sites.

~hkb

vaporad <at> live.com wrote:
> My company is looking into open source alternatives to our Websense application.  The application would
need to be AD aware and have transparent authentication.  Does anyone have any experience with a open
source web content/url filters?
> 
> Thanks in advance
Permalink | Reply | 0 comments |

Gmane