On 6/15/06, Mike Powell wrote:
> We filter our internet-bound traffic through Microsoft's ISA 2004, and
> it is protocol-aware for http (port 80 and 443) traffic, so I can't
> think of a way to block the port 443 traffic as it appears to go through
> the ISA server as a valid SSL connection, just like someone browsing an
> SSL website.

There are products (e.g. Bluecoat) offering MITM interception and
analysis of SSL traffic.

While I don't think Bluecoat has handlers for Google Talk (or the
generic XMPP protocol it's built on) today, given that their products
are targeted at "IM mitigation", I'd expect one soon.

Kevin Kadow

(P.S. We just finished an evaluation of Bluecoat, and were generally
pleased with the proxy and streaming media features. One area where
the product fell short was "Enterprise" (hierarchical) management and
reporting, features said to be coming in the next few months.)
firewall-wizards mailing list