I have an issue with proxy sites that can be used to circumvent blocking techniques. Do you know why this is, and what can I do to overcome this obstacle?
Your concerns are valid about both proxy services and sites that publish lists of available proxy servers. These can be a danger to enterprise security. With these services, employees can bypass firewalls and filters and access unauthorized content -- gambling and pornography sites, for example -- that are legal liabilities to the company.
External proxy technologies can also circumvent company filters that block access to Web-based email and IM. Since both email and instant messaging are vectors for viruses, spyware, malware and other malicious traffic, these sites pose additional risks to the company. And it's not just about what's coming in. By avoiding company filters, employees can maliciously or accidentally send sensitive data outside of the company, too.
Proxies allow all of this unauthorized activity to take place unnoticed. With such services, all that appears in your Web logs is a connection to the proxy, which looks like an innocuous external Web site. The IP address of the inappropriate Web site or email provider appears in the proxy's logs, not yours.
As you correctly note, the Web sites that list these proxies are just as much of a threat to the enterprise as the proxies they list. But both can be blocked by commonly available Web and content filtering tools. Two leading content filter vendors are Websense and Blue Coat. Their products, in particular, can be configured specifically to block proxies.
These tools can also block the Web sites that post lists of available proxies. The filters can be adjusted to detect new sites that might crop up, blocking sites, for example, that might have the word "proxy" embedded in the URL. They both have regular update features as well.
Another software provider that produces content monitoring tools is Vericept. Like Websense and Blue Coat, Vericept's products can be adjusted to block proxy sites. Between these three products, you should be able to combat malicious proxy use at your company.
But the proxies themselves and the sites that list them are tricky to detect. They often move around, change their IP addresses or shut down suddenly only to open up shop undetected somewhere else. That might explain some of the problems you're having.
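The keyword check described above can also be run over your own Web gateway logs to find proxy use the filter missed. The following is an added example, not part of the original answer or of any vendor's product. The "user URL" log format, the keyword list and the sample lines are assumptions, and the check for a full URL carried in a query string goes beyond the keyword match the answer mentions.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample log lines in an assumed "<user> <url>" format.
SAMPLE_LOG = """\
alice http://intranet.example.com/payroll
bob http://fastproxy.example.net/index.php
bob http://browse.example.org/go?u=http%3A%2F%2Fwebmail.example.com%2Finbox
carol http://news.example.com/story?id=42
carol http://lists.example.org/free-proxy-list.html
dave http://sso.example.com/login?next=%2Fhome
"""

KEYWORDS = ("proxy", "anonymizer")  # illustrative list, tune for your site


def classify(url):
    """Return the reasons a URL looks like proxy use (empty list if none)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    # Keyword anywhere in the host name or the decoded path.
    if any(k in (host + unquote(parts.path)).lower() for k in KEYWORDS):
        reasons.append("keyword")
    # A full URL for a different host inside a query value suggests a
    # Web-based proxy fetching pages on the user's behalf. Legitimate
    # redirects can match too, so treat hits as leads for review.
    for _, value in parse_qsl(parts.query):
        inner = urlsplit(value)
        inner_host = (inner.hostname or "").lower()
        if inner.scheme in ("http", "https") and inner_host and inner_host != host:
            reasons.append("embedded-url")
            break
    return reasons


def scan(log_text):
    """Group suspicious requests by user: {user: [(url, reasons), ...]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        user, _, url = line.strip().partition(" ")
        reasons = classify(url) if url else []
        if reasons:
            hits[user].append((url, reasons))
    return dict(hits)


if __name__ == "__main__":
    for user, entries in scan(SAMPLE_LOG).items():
        for url, reasons in entries:
            print(user, ",".join(reasons), url)
```

Because proxies relocate often, hosts surfaced this way are better fed back into the filter's block list on a schedule than handled as a one-time cleanup.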