Re: Kids bypassing firewall via web proxy sites

"Ansgar -59cobalt- Wiechers" <usenet-2006@xxxxxxxxxxxxxxxx> wrote in message
news:4869eoFib44iU1@xxxxxxxxxxxxxxxxx
Don Kelloway wrote:
"Sebastian Gottschalk" <seppi@xxxxxxxxx> wrote:
Don Kelloway wrote:
In respect to the technical solution itself it should be understood
that when properly administered it leaves practically little, if any
possiblity for circumvention.

When it comes to content filtering and tunneling: You'd wish.

Tunneling is not escapable to detection and content filtering can be
applied. Maybe you ought to become more familiar with the content
filtering solutions that are available as opposed to what you think
they can and can't do.

*sigh*

Please read the thread. We're already through this discussion (including
each of its facets). And you're wrong.


HTTP traffic allowed outbound is to port 80 and HTTPS allowed outbound is to
specific IP's that are known. No other ports are allowed outbound and the
proxying of traffic is not allowed. For what HTTP traffic is allowed the
GET requests are inspected/filtered to immediately block known objectionable
sites by either IP address and domain name. Blocking is accomplished by
spoofing the content that would have been returned from the website to the
client and injecting this back onto the wire. Of the HTTP GET requests
inspected and allowed, such must be to a single site and this request is
logged. Anything that deviates from this format is blocked. With reports
reflecting IP addresses/site names, by requests made, by volume, etc.
traffic patterns may be discerned. If something doesn't look right, the IP
address or domain name can be added to a block list to prevent further
access.

If there is any tunneling going on in the above I'd like to see it, then
again if you're correct. I guess I won't.

--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your Security
on the Internet".


.

Relevant Pages

  • Re: Kids bypassing firewall via web proxy sites
    ... Tunneling is not escapable to detection and content filtering can be ... HTTP traffic allowed outbound is to port 80 and HTTPS allowed outbound is to ...
    (comp.security.firewalls)
  • Re: Kids bypassing firewall via web proxy sites
    ... When you're not doing whitelist filtering but blacklist filtering, ... kind of tunneling, if you can trust in the sites you have on your white ... your "Internet connection" then is none any more, ...
    (comp.security.firewalls)
  • Re: Restrict by UserAgent
    ... start filtering because of these suspicious requests or just let it go (don't ... filter for UserAgent). ... I would not automatically assume that the same caveat affects IIS ...
    (microsoft.public.inetserver.iis.security)
  • Re: Dont BOUNCE the list!
    ... I have received responses regarding filtering (requests for ... filtering, requests for greater granularity, requests for whitelists) ... The typical response is "We don't ...
    (Security-Basics)
  • Re: Kids bypassing firewall via web proxy sites
    ... When it comes to content filtering and tunneling: ... "If you think technology can solve your security problems, ...
    (comp.security.firewalls)