Re: Cyber Monday



In article <KY2dnWeTRbnUFNPanZ2dnUVZ8uCdnZ2d@xxxxxxxxx>, brian.cryer@127.0.0.1.ntlworld.com says...
"Leythos" <void@xxxxxxxxxxx> wrote in message
news:MPG.21b7f5a98518a04d989875@xxxxxxxxxxxxxxxxxxxx
In article <fil90u$gnm$1@xxxxxxxx>, chilly8@xxxxxxxxxxx says...
However, proxies are sprouting up like weeds so fast that the
filtering companies cannot keep up with them half the time.
Proxies come and go at such a huge rate that they cannot keep
up with them. And my proxy is one of thousands of them being
operated as public proxies.

And a properly configured firewall solution does not need a "Filtering
Company" to identify them in order to prevent access to them.

As a matter of fact, all quality firewall appliances can block all
outbound access by default and then permit the admins to create rules
that allow access to "approved" sites only. Since the approved sites are
not proxy sites, there is no way for the user to abuse the company
resources and access yours or anyone else's services.

Is that practical? I don't want to have to draw up a list of approved sites
for my company, the list would be almost never ending because many of our
staff use the internet for research which means they could legitimately end
up going almost anywhere.

Yea, and it's what should be done. If you have a select group that does
research, using the web, you could (and should) create a different HTTP
rule for them, allowing them access to ALL of the web, but restrict them
using content/other filters to block most of the crap. The generic users
and others would fall under the block all except business rule.

We do this with managers in most companies, permit them to authenticate
with the firewall, or have their PCs in a reserved area (IP), and have
different rules for managers.

Either way, spotting an abuser is simple.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)
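
The policy discussed in this thread (default-deny outbound, an approved-sites rule for generic users, a content-filtered open-web rule for a reserved research/manager IP range, and denied requests as the signal for spotting abuse), modelled as an added example that is not part of the original posts. Every network range, hostname, category and rule name below is a constructed assumption, not taken from any product.

```python
import ipaddress
from collections import Counter

# Constructed policy: all names, ranges and hosts are assumptions for illustration.
APPROVED_SITES = {"example-supplier.test", "payroll.example.test"}
RESEARCH_NET = ipaddress.ip_network("10.0.20.0/24")  # reserved range: research/managers
BLOCKED_CATEGORIES = {"proxy", "malware"}

# Constructed stand-in for a content filter's category lookup.
CATEGORY_FEED = {"anon-proxy.test": "proxy", "journal.example.test": "reference"}


def host_matches(host, approved):
    """True if host equals an approved name or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in approved)


def decide(src_ip, host):
    """Return (action, rule) for one outbound HTTP request."""
    src = ipaddress.ip_address(src_ip)
    if src in RESEARCH_NET:
        # Research group: whole web allowed, minus filtered categories.
        category = CATEGORY_FEED.get(host.lower().rstrip("."), "uncategorized")
        if category in BLOCKED_CATEGORIES:
            return "deny", "research-content-filter"
        return "allow", "research-open-web"
    if host_matches(host, APPROVED_SITES):
        return "allow", "approved-sites"
    # Anything not approved is denied, so an unknown proxy needs no signature.
    return "deny", "default-deny"


def denied_counts(requests):
    """Count denied requests per source address, for review of repeat offenders."""
    return Counter(src for src, host in requests if decide(src, host)[0] == "deny")


# Constructed sample traffic: (source IP, requested host).
SAMPLE = [
    ("10.0.10.5", "payroll.example.test"),
    ("10.0.10.7", "anon-proxy.test"),
    ("10.0.10.7", "new-proxy-of-the-day.test"),
    ("10.0.20.9", "journal.example.test"),
    ("10.0.20.9", "anon-proxy.test"),
]

if __name__ == "__main__":
    for src, host in SAMPLE:
        print(src, host, *decide(src, host))
    print(denied_counts(SAMPLE).most_common())
```

The uncategorized proxy is denied for the generic user by the default rule alone, while the research range depends on the category lookup being current.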