Quiz answers: Blocking Web anonymizers

1. Answer: b. BoingBoing
"There's URL filtering technology that prevents employees from going to various sites," Joseph Cortale, (senior VP of worldwide sales and marketing for Vericept Corp.) said, "but there are some Web sites that tell employees how to circumvent these programs." He said one of those sites is the popular BoingBoing blog. Indeed, BoingBoing has an entire page dedicated to showing people how to "defeat censorware."

To learn how Web anonymizers are misused, read our news article: Web sites work to punch holes in corporate Web filters

2. Answer. a. 1/3
A third of security professionals said they must provide detailed reports on Internet surfing to management, some on a weekly basis.

To learn about 8e6's findings, read our news article: Wacky Web misuses highlight internal risks

3. Answer: b. An anonymizer is software installed on the server.
An anonymizer is a proxy that hides a user's real IP address – in this case, your company's IP address – from the Internet. It is software installed on the client that creates a virtual proxy that links either with a proxy network or to a public proxy server.

To learn about anonymizers, read our tip: Blocking Web anonymizers in the enterprise

4. Answer: False
You can detect them indirectly by reviewing intrusion detection system (IDS) logs for unusual traffic. This can point to malicious use of your network possibly caused by anonymizer use.

To learn how to detect Web anonymizers, read our tip: Blocking Web anonymizers in the enterprise

5. Answer: a. Firewalls
Policies only go so far and are easy to circumvent. Therefore, it's also important to block the downloading of software at your firewalls. This should be the rule for most employees, with limited exceptions only for IT staff and other individuals cleared by the information security department. Even then, firewall rules that allow downloads should be tightly restricted to prevent ordinary users from easily going around them.

To learn how to block Web anonymizers, read our tip: Blocking Web anonymizers in the enterprise

This was last published in June 2006

Dig Deeper on Web Server Threats and Countermeasures

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.