External proxy technologies can also circumvent company filters that block access to Web-based email and IM. Since both email and instant messaging are vectors for viruses, spyware, malware and other malicious traffic, these sites pose additional risks to the company. And it's not just about what's coming in. By avoiding company filters, employees can maliciously or accidentally send sensitive data outside of the company, too.
Proxies allow all of this unauthorized activity to take place unnoticed. With such services, all that appears on your Web logs are connections to the proxy, which appears as an innocuous external Web site. The IP address of the inappropriate Web site or email provider appears on the proxies' logs, not yours.
As you correctly note, the Web sites that list these proxies are just as much of a threat to the enterprise as the proxies they list. But both can be blocked by commonly available Web and content filtering tools. Two leading content filter vendors are Websense and Blue Coat. Their products, in particular, can be configured especially to block proxies.
These tools can also block the Web sites that post lists of available proxies. The filters can be adjusted to detect new sites that might crop up, blocking sites, for example, that might have the word "proxy" embedded in the URL. They both have regular update features as well.
Another software provider that produces content monitoring tools is Vericept. Like Websense and Blue Coat, Vericept's products can be adjusted to block proxy sites. Between these three products, you should be able to combat malicious proxy use at your company.
But the proxies themselves and the sites that list them are tricky to detect. They often move around, change their IP addresses or shut down suddenly only to open up shop undetected somewhere else. That might explain some of the problems you're having.
This was first published in March 2007