Educause Security Discussion mailing list archives

Re: Blocking Proxy/HTTP Tunneling servers


From: Cal Frye <cjf () CALFRYE COM>
Date: Mon, 6 Feb 2006 15:47:44 -0500

Surfcontrol at least used a bypass system. The way we used it at the boarding
school I used to work for was this: it sat on a hub where it could see all the
Internet traffic; you could use a span port with modern technology ;-)
When it saw traffic to a blocked site, it sent a reply ("Access Denied!") to the
requestor and a cancel to the remote host. Neatly done, without introducing a
failure point.

The downside was that it's nearly impossible for even a company like that to
keep up with the blocked site list :-(

--Cal Frye, Network Administrator, Oberlin College
   www.calfrye.com, www.pitalabs.com, www.ouuf.org

  "Before me things create were none, save things Eternal, and eternal I endure.
All hope abandon ye who enter here."


Justin Dover wrote:
The EDUCAUSE Security Discussion Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
on Monday, February 06, 2006 at 11:53 AM -0600 wrote:
You know all the usual suspects - cybersitter,
cyber patrol, surfwatch, netnanny etc...

I think these are all clients that must be installed on each user's
machine.  I am looking for a global solution that installs at the
perimeter of the network.  A few ideas of course are proxy
servers/content filtering services like Websense.  I do agree that
maintaining my own list of "bad" IPs is a losing battle.

Justin Dover
Harpeth Hall School
615-346-0082
