Educause Security Discussion mailing list archives

Re: Blocking Proxy/HTTP Tunneliing servers

From: George Bailey <gbailey () IVYTECH EDU>
Date: Tue, 7 Feb 2006 10:56:44 -0500

Websense doesn't require interaction with a firewall, but it does need a
cache device of some kind (Cisco Content Engine, Squid, bluecoat, etc)

--gb

----------------------
George Bailey
Information Security
Ivy Tech Community College of Indiana
Indianapolis, Indiana

PH: 317.921.4526



  _____

From: Justin Dover [mailto:dover () HARPETHHALL ORG]
Sent: Tuesday, February 07, 2006 10:27 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Blocking Proxy/HTTP Tunneliing servers


The EDUCAUSE Security Discussion Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> on Monday, February 06, 2006 at 4:07 PM
-0600 wrote:
Hi Justin
To do centralized filtering - which is really the only way to go - you are
probably going to have to spend some money.  The commercial solution that
really does a good job is Websense. (www.websense.com). We use it at
Harding.

There is an appliance sold by "8e6" (www.8e6.com), but I have no experience
with it.

Another product called N2H2 is sold by Secure Computing
(www.securecomputing.com).  It has been used by the state of Arkansas to do
some filtering for their k-12 clients and others.  They actually sell two
products.  The K-12 version is called "Bess" and the more extensive product
is called "Sentian".  That's about all I know.

Cyberpatrol has a centralized solution as well but their database filtered
only about 70% of the objectionable sites when we used it about 5 years
back.  They may have improved.

Software solutions like Websense require an interaction with a firewall to
implement their filtering.  We use Cisco Pix with Websense.

For K-12, there are also products out there that work the opposite of
filters.  They provide a database of sites that have been researched and
OK'ed for use and block everything else.  I don't have any experience with
these products but it sounds like a good idea for some applications.

John Nunnally
Harding University


Great info John.  Thank you very much.

Justin Dover
Harpeth Hall School
615-346-0082

Current thread:

Re: Blocking Proxy/HTTP Tunneliing servers, (continued)
- Re: Blocking Proxy/HTTP Tunneliing servers Justin Dover (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Valdis Kletnieks (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Justin Dover (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers O'Callaghan, Daniel (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Graham Toal (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Cal Frye (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers John Nunnally (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers John Nunnally (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers John Stauffacher (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Justin Dover (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers George Bailey (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers Tran , Lieu D (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers Jeni Li (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers Graham Toal (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers David P. Allen (Feb 09)