email sites using 443
Comments
-
wagnerbm Member Posts: 38
We don't want to block all of 443, just the email sites using 443.
-
maumercado Member Posts: 163
Just wondering... why would you want to secure https email sites?
"Block port 443 in your firewall" ... there's your answer.
-
maumercado Member Posts: 163
We don't want to block all of 443 just the email sites using 443.
If you know the email sites' names using 443 you want to block, maybe a proxy with a net filter like dansguardian, then add them to a blacklist...
-
/usr Member Posts: 1,768
So you're saying you want to block inside access to all websites which offer secured email services?
For example, Gmail has an option to use SSL, but by default it does not.
You can either block access to the entire site, thus blocking access to unsecured email as well, or you can block that port on the firewall.
If you have clients accessing legitimate sites using SSL, just place a rule in your firewall ABOVE the deny all SSL rule. The sites you want to allow over port 443 will be granted access, but all other sites using SSL would be blocked. Would this work?
Just out of curiosity, why would you want to block email sites using SSL?
-
blargoe Member Posts: 4,174
Good luck with that
IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
-
Ahriakin Member Posts: 1,799
What hardware do you already have in place?
We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
-
shednik Member Posts: 2,005
Depending on your current proxy solution you may be able to do some type of classification where if in "webmail" category and is using https then block. I am also curious why you would want to block secured webmail versus unsecured, it doesn't make much sense to me.
-
Ahriakin Member Posts: 1,799
If they already have a network sensor of some sort in place (Snort, hardware IDS/IPS etc.) then encrypted email represents more of a risk as it cannot be inspected... It's not that much safer but it's the only reason I can think of why you'd block secure email only.
-
JDMurray Admin Posts: 13,089
Do you want to monitor the information in all outbound network communications and disallow SSL connections whose content can't be recorded? Would that include other sorts of encrypted communications, such as IM services using OTR? You're looking at an expensive application (Web) proxy solution to do that. And you'll need to filter a lot more ports than just 443 and 80.
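
The two filtering approaches suggested in the replies above (/usr's allow rules placed above a deny-all rule for 443, and shednik's "webmail category and https" check), as an added example that is not part of any post in the thread. It is a first-match policy evaluator of the kind a proxy or firewall applies; the hostnames, category list and rule names are constructed placeholders, and the decision uses only hostname and port, which is what a filter can see without decrypting the session.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed category list; hostnames are placeholders, not from the thread.
WEBMAIL = frozenset({"webmail.example.com", "mail.example.net"})
APPROVED = frozenset({"bank.example.org"})


def in_category(host: str, domains: frozenset) -> bool:
    """True if host equals a listed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")  # normalise case and a trailing root dot
    # Require a label boundary so "notwebmail.example.com" does not match.
    return any(host == d or host.endswith("." + d) for d in domains)


@dataclass(frozen=True)
class Rule:
    action: str                           # "allow" or "deny"
    port: Optional[int] = None            # None matches any port
    domains: Optional[frozenset] = None   # None matches any host

    def matches(self, host: str, port: int) -> bool:
        if self.port is not None and port != self.port:
            return False
        return self.domains is None or in_category(host, self.domains)


def decide(rules, host: str, port: int, default: str = "deny") -> str:
    """First matching rule wins, so rule order is part of the policy."""
    for rule in rules:
        if rule.matches(host, port):
            return rule.action
    return default


# Category variant: deny only when the host is webmail AND the port is 443.
BLOCK_HTTPS_WEBMAIL = [
    Rule("deny", port=443, domains=WEBMAIL),
    Rule("allow"),
]

# Allowlist variant: approved sites sit ABOVE the deny-all rule for 443.
ALLOWLIST_443 = [
    Rule("allow", port=443, domains=APPROVED),
    Rule("deny", port=443),
    Rule("allow"),
]
```

Swapping the first two rules of `ALLOWLIST_443` makes the deny-all rule match first, so the approved site is blocked as well.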