Educause Security Discussion mailing list archives

Re: Blocking Proxy/HTTP Tunneliing servers

From: Ken Connelly <Ken.Connelly () UNI EDU>
Date: Mon, 6 Feb 2006 10:48:55 -0600

No web censorship here, either.  We may deal with known bot C&C
desitinations differently, but just about everything else is free to go to.

- ken

Joel Rosenblatt wrote:

Hi,

I can't answer this because we do not censor web access.

A bigger question in my mind is how many institutions think that
censorship of web access is acceptable and for what reasons?

Thanks,
Joel Rosenblatt

--On Monday, February 06, 2006 10:15 AM -0600 Justin Dover
<dover () harpethhall org> wrote:

I am curious to how you guys are handling these outside internet
proxies that are allowing students
to access websites that you specially block.  My situation is we
block a few websites via DNS
pointing the address to 127.0.0.1.  Students can use a number of
different sites to access these
blocked web addresses.  A few examples are [ http://www.unipeak.com
]www.unipeak.com and [
http://www.virtual-browser.com ]www.virtual-browser.com.

Do you just get a list of all the ips and web addresses and just add
them to your dns and firewall
ACLs?  Do you use a product like websense to handle all of this at a
content level?  I hoping there
is another way besides blocking each proxy server by ip.  I am a huge
fan of ACLs on my Cisco
ASA5510 but do not want to add several 100s just for this task.

Justin Dover
Harpeth Hall School
615-346-0082




Joel Rosenblatt, Senior Security Officer & Windows Specialist, CUIT
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel - You can't spell seCUrITy without CUIT



--
- Ken
=================================================================
Ken Connelly             Associate Director, Security and Systems
ITS Network Services                  University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373
It's much more important to know what you don't know than what you do know!

Current thread:

Blocking Proxy/HTTP Tunneliing servers Justin Dover (Feb 06)
- <Possible follow-ups>
- Re: Blocking Proxy/HTTP Tunneliing servers Joel Rosenblatt (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Ken Connelly (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Gary Flynn (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Graham Toal (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Justin Dover (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Graham Toal (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Christopher Chow (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Justin Dover (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Valdis Kletnieks (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Justin Dover (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers O'Callaghan, Daniel (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Graham Toal (Feb 06)

(Thread continues...)