Question : Problem: How to Stop HTTP tunneling through ISA?

Hi,
Problem: Users are using some kind of software to bypass the ISA server and connect to restricted web sites. These users don't connect to another website that redirect them to the restricted site, they only run their application and connect normally to the restricted site using http in IE7.
Running ipconfig /all command on their laptops shows the details of their LAN card and the details of a network adapter called "TAP VPN adapter"

We are using Windows 2003 domain and ISA 2006 configured as an edge firewall. Clients are configured as Secure Nat. ISA is configured to stop access to other proxies.

Any idea about how to inspect outbound SSL traffic through ISA and filter it? Can websites be filtered according to their signature?

Any help would be much appreciated!

Answer : Problem: How to Stop HTTP tunneling through ISA?

Hi,

Finally I was able to stop those guys!!! I used the ISA logging feature to monitor the activity of those users. It showed that they are connecting to a set of IP addresses ranging from a.b.c.1 to a.b.c.254 after running their tool. Although we denied all VPN protocols through ISA as part of our internet usage policy, this didn't stop them until i created a deny rule from internal to the specified subnet (a.b.c.1 - a.b.c. 254) for all protocols.
Although this is not a global soltuion; other tools can connect to other set of servers having different IPs but it stopped this malicious behavior

Thanks guys
Random Solutions  
 
programming4us programming4us