Q

What are the best ways to block proxy server sites?

Proxy services allow employees to view unauthorized content, but the proxies themselves and the sites that list them are tricky to detect. In this SearchSecurity.com Q&A, learn how some content monitoring tools can help block proxy server sites.

I have an issue with proxy sites that can be used to circumvent blocking techniques. Do you know why this is, and

what can I do to overcome this obstacle?

Your concerns are valid about both proxy services and sites that publish lists of available proxy servers. These can be a danger to enterprise security. With these services, employees can bypass firewalls and filters and access unauthorized content -- gambling and pornography sites, for example -- that are legal liabilities to the company.

External proxy technologies can also circumvent company filters that block access to Web-based email and IM. Since both email and instant messaging are vectors for viruses, spyware, malware and other malicious traffic, these sites pose additional risks to the company. And it's not just about what's coming in. By avoiding company filters, employees can maliciously or accidentally send sensitive data outside of the company, too.

Proxies allow all of this unauthorized activity to take place unnoticed. With such services, all that appears on your Web logs are connections to the proxy, which appears as an innocuous external Web site. The IP address of the inappropriate Web site or email provider appears on the proxies' logs, not yours.

As you correctly note, the Web sites that list these proxies are just as much of a threat to the enterprise as the proxies they list. But both can be blocked by commonly available Web and content filtering tools. Two leading content filter vendors are Websense and Blue Coat. Their products, in particular, can be configured especially to block proxies.

These tools can also block the Web sites that post lists of available proxies. The filters can be adjusted to detect new sites that might crop up, blocking sites, for example, that might have the word "proxy" embedded in the URL. They both have regular update features as well.

Another software provider that produces content monitoring tools is Vericept. Like Websense and Blue Coat, Vericept's products can be adjusted to block proxy sites. Between these three products, you should be able to combat malicious proxy use at your company.

But the proxies themselves and the sites that list them are tricky to detect. They often move around, change their IP addresses or shut down suddenly only to open up shop undetected somewhere else. That might explain some of the problems you're having.

More information:

This was first published in March 2007

Dig deeper on Monitoring Network Traffic and Network Forensics

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close