What are the best ways to block proxy server sites?

Proxy services allow employees to view unauthorized content, but the proxies themselves and the sites that list them are tricky to detect. In this SearchSecurity.com Q&A, learn how some content monitoring tools can help block proxy server sites.

I have an issue with proxy sites that can be used to circumvent blocking techniques. Do you know why this is, and what can I do to overcome this obstacle?

Your concerns are valid about both proxy services and sites that publish lists of available proxy servers. These can be a danger to enterprise security. With these services, employees can bypass firewalls and filters and access unauthorized content -- gambling and pornography sites, for example -- that are legal liabilities to the company.

External proxy technologies can also circumvent company filters that block access to Web-based email and IM. Since both email and instant messaging are vectors for viruses, spyware, malware and other malicious traffic, these sites pose additional risks to the company. And it's not just about what's coming in. By avoiding company filters, employees can maliciously or accidentally send sensitive data outside of the company, too.

Proxies allow all of this unauthorized activity to take place unnoticed. With such services, all that appears in your Web logs are connections to the proxy, which looks like an innocuous external Web site. The IP address of the inappropriate Web site or email provider appears in the proxy's logs, not yours.

As you correctly note, the Web sites that list these proxies are just as much of a threat to the enterprise as the proxies they list. But both can be blocked by commonly available Web and content filtering tools. Two leading content filter vendors are Websense and Blue Coat. Their products, in particular, can be configured specifically to block proxies.

These tools can also block the Web sites that post lists of available proxies. The filters can be adjusted to detect new sites that might crop up, blocking sites, for example, that might have the word "proxy" embedded in the URL. They both have regular update features as well.

Another software provider that produces content monitoring tools is Vericept. Like Websense and Blue Coat, Vericept's products can be adjusted to block proxy sites. Between these three products, you should be able to combat malicious proxy use at your company.

But the proxies themselves and the sites that list them are tricky to detect. They often move around, change their IP addresses or shut down suddenly only to open up shop undetected somewhere else. That might explain some of the problems you're having.
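As an added example (not from the original article or from any vendor's product), this Python code applies the keyword rule described above to Web log lines and, going one step beyond it, also flags requests whose query string carries a full URL, since the connection to the proxy is the only trace left in your own logs. The log format, host names and allowlist are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample log lines: timestamp, client IP, method, URL, status.
SAMPLE_LOG = """\
2007-03-12T09:01:11 10.0.0.21 GET http://intranet.example.com/wiki/proxy-settings 200
2007-03-12T09:02:40 10.0.0.37 GET http://free-proxy-list.example.net/index.html 200
2007-03-12T09:03:05 10.0.0.37 GET http://surf.example.org/browse.php?u=http%3A%2F%2Fwebmail.example.com%2F 200
2007-03-12T09:04:52 10.0.0.21 GET http://news.example.com/story?id=42 200
2007-03-12T09:05:10 10.0.0.44 GET http://myproxysite.example.net/ 200
"""

KEYWORD = re.compile(r"prox(?:y|ies)", re.I)   # the word "proxy" embedded in the URL
ALLOWLIST = {"intranet.example.com"}           # hypothetical hosts exempt from the rule


def classify(url):
    """Return the reasons a URL looks like proxy use (empty list if none)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in ALLOWLIST:
        return []  # avoids false positives such as internal proxy documentation
    reasons = []
    if KEYWORD.search(host) or KEYWORD.search(parts.path):
        reasons.append("keyword")
    # A complete URL passed as a query value suggests the site relays requests.
    if any(re.match(r"https?://", v, re.I) for _, v in parse_qsl(parts.query)):
        reasons.append("embedded-url")
    return reasons


def scan(log_text):
    """Map client IP -> list of (url, reasons) for every flagged request."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than guessing at fields
        _, client, _, url, _ = fields
        reasons = classify(url)
        if reasons:
            hits[client].append((url, reasons))
    return dict(hits)


if __name__ == "__main__":
    for client, flagged in scan(SAMPLE_LOG).items():
        for url, reasons in flagged:
            print(client, ",".join(reasons), url)
```

Grouping the hits by client shows which workstations to follow up on, and the flagged hosts are candidates for the content filter's block list.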

This was last published in March 2007