> Wait.... isn't that "security through obscurity"? What prevents the user
> from using:
>
> 216.239.37.125 talk.google.com
>
> in his hosts file? You are telling me that Google recommends attempting
> to foil a resolver by returning bogus entries as an attempt to prohibit
> Google Talk traffic in a network? Is that the new Status Quo of Internet
> giants, giving stupid "un-security" advice like that?
>
> Excuse me while I wipe the coffee off my screen and keyboard...


It's a reasonable first step. If the user has the ability to modify their
resolver configuration, then that may be a bigger issue than running a
chat client. After all, what's to stop the user from using an SSL tunnel
to a proxy server somewhere on the Internet? DNS tunnel? SSH tunnel...

The answer given is enough to enforce the policy against casual abusers,
which is really the goal of most protective policy measures. An active
and determined abuser needs to be held to a higher standard of account
than someone who clicked on a link on a Web page.

Once you've gotten to the circumvention stage, you're in the "removed
permanently from the network" category of users who deserve termination.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
http://fora.compuwar.net Infosec discussion boards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards