I have an issue with proxy sites that can be used to circumvent blocking techniques. Do you know why this is, and...
what can I do to overcome this obstacle?
Your concerns are valid about both proxy services and sites that publish lists of available proxy servers. These can be a danger to enterprise security. With these services, employees can bypass firewalls and filters and access unauthorized content -- gambling and pornography sites, for example -- that are legal liabilities to the company.
External proxy technologies can also circumvent company filters that block access to Web-based email and IM. Since both email and instant messaging are vectors for viruses, spyware, malware and other malicious traffic, these sites pose additional risks to the company. And it's not just about what's coming in. By avoiding company filters, employees can maliciously or accidentally send sensitive data outside of the company, too.
Proxies allow all of this unauthorized activity to take place unnoticed. With such services, all that appears on your Web logs are connections to the proxy, which appears as an innocuous external Web site. The IP address of the inappropriate Web site or email provider appears on the proxies' logs, not yours.
As you correctly note, the Web sites that list these proxies are just as much of a threat to the enterprise as the proxies they list. But both can be blocked by commonly available Web and content filtering tools. Two leading content filter vendors are Websense and Blue Coat. Their products, in particular, can be configured especially to block proxies.
These tools can also block the Web sites that post lists of available proxies. The filters can be adjusted to detect new sites that might crop up, blocking sites, for example, that might have the word "proxy" embedded in the URL. They both have regular update features as well.
Another software provider that produces content monitoring tools is Vericept. Like Websense and Blue Coat, Vericept's products can be adjusted to block proxy sites. Between these three products, you should be able to combat malicious proxy use at your company.
But the proxies themselves and the sites that list them are tricky to detect. They often move around, change their IP addresses or shut down suddenly only to open up shop undetected somewhere else. That might explain some of the problems you're having.
- Learn the difference between proxy servers and proxy firewalls.
- How well do content filtering tools limit network traffic? Mike Chapple explains in this SearchSecurity.com Q&A.
Dig Deeper on Real-time network monitoring and forensics
Related Q&A from Joel Dubin
Learn about the purpose of CAPTCHA challenges that enable websites to differentiate bots from authentic users to stop spammers from hijacking forums ... Continue Reading
Proper planning is at the top of the list for single sign-on best practices, but it's important to get enterprise SSO implementations off to a good ... Continue Reading
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ... Continue Reading