Educause Security Discussion mailing list archives

Re: Blocking Proxy/HTTP Tunneliing servers

From: John Nunnally <Nunnally () HARDING EDU>
Date: Mon, 6 Feb 2006 16:07:05 -0600

Hi Justin
To do centralized filtering  which is really the only way to go - you are
probably going to have to spend some money.  The commercial solution that
really does a good job is Websense. (www.websense.com). We use it at
Harding.

There is an appliance sold by 8e6 (www.8e6.com), but I have no experience
with it.

Another product called N2H2 is sold by Secure Computing
(www.securecomputing.com).  It has been used by the state of Arkansas to do
some filtering for their k-12 clients and others.  They actually sell two
products.  The K-12 version is called Bess and the more extensive product
is called Sentian.  Thats about all I know.

Cyberpatrol has a centralized solution as well but their database filtered
only about 70% of the objectionable sites when we used it about 5 years
back.  They may have improved.

Software solutions like Websense require an interaction with a firewall to
implement their filtering.  We use Cisco Pix with Websense.

For K-12, there are also products out there that work the opposite of
filters.  They provide a database of sites that have been researched and
OK'ed for use and block everything else.  I don't have any experience with
these products but it sounds like a good idea for some applications.

John Nunnally
Harding University


________________________________________
From: Justin Dover [mailto:dover () HARPETHHALL ORG] 
Sent: Monday, February 06, 2006 11:57 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Blocking Proxy/HTTP Tunneliing servers

The EDUCAUSE Security Discussion Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> on Monday, February 06, 2006 at 11:53 AM
-0600 wrote:
You know all the usual suspects - cybersitter,
cyber patrol, surfwatch, netnanny etc...

I think these are all clients that must be installed on each user's machine.
 I am looking for a global solution that installs at the perimeter of the
network.  A few ideas of course are proxy servers/content filtering services
like Websense.  I do agree with maintaining my own list of "bad" ips is a
losing battle.

Justin Dover
Harpeth Hall School
615-346-0082

Current thread:

Re: Blocking Proxy/HTTP Tunneliing servers, (continued)
- Re: Blocking Proxy/HTTP Tunneliing servers Justin Dover (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Graham Toal (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Christopher Chow (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Justin Dover (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Valdis Kletnieks (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Justin Dover (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers O'Callaghan, Daniel (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Graham Toal (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Cal Frye (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers John Nunnally (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers John Nunnally (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers John Stauffacher (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Justin Dover (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers George Bailey (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers Tran , Lieu D (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers Jeni Li (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers Graham Toal (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers David P. Allen (Feb 09)