Educause Security Discussion mailing list archives
Re: Blocking Proxy/HTTP Tunneliing servers
From: "Tran , Lieu D" <ldtran () TULANE EDU>
Date: Tue, 7 Feb 2006 10:09:07 -0600
At my previous employer, we used Websense with Microsoft ISA Server. Websense uses AD to authenticate the user before they can access the Internet. Websense is very pricy but it is a very mature product. Leo Tran, CISSP Tulane University Katrina Country _____ From: George Bailey [mailto:gbailey () ivytech edu] Sent: Tuesday, February 07, 2006 9:57 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Blocking Proxy/HTTP Tunneliing servers Websense doesn't require interaction with a firewall, but it does need a cache device of some kind (Cisco Content Engine, Squid, bluecoat, etc) --gb ---------------------- George Bailey Information Security Ivy Tech Community College of Indiana Indianapolis, Indiana PH: 317.921.4526 _____ From: Justin Dover [mailto:dover () HARPETHHALL ORG] Sent: Tuesday, February 07, 2006 10:27 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Blocking Proxy/HTTP Tunneliing servers The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on Monday, February 06, 2006 at 4:07 PM -0600 wrote: Hi Justin To do centralized filtering - which is really the only way to go - you are probably going to have to spend some money. The commercial solution that really does a good job is Websense. (www.websense.com). We use it at Harding. There is an appliance sold by "8e6" (www.8e6.com), but I have no experience with it. Another product called N2H2 is sold by Secure Computing (www.securecomputing.com). It has been used by the state of Arkansas to do some filtering for their k-12 clients and others. They actually sell two products. The K-12 version is called "Bess" and the more extensive product is called "Sentian". That's about all I know. Cyberpatrol has a centralized solution as well but their database filtered only about 70% of the objectionable sites when we used it about 5 years back. They may have improved. Software solutions like Websense require an interaction with a firewall to implement their filtering. We use Cisco Pix with Websense. For K-12, there are also products out there that work the opposite of filters. They provide a database of sites that have been researched and OK'ed for use and block everything else. I don't have any experience with these products but it sounds like a good idea for some applications. John Nunnally Harding University Great info John. Thank you very much. Justin Dover Harpeth Hall School 615-346-0082
Attachment:
smime.p7s
Description:
Current thread:
- Re: Blocking Proxy/HTTP Tunneliing servers, (continued)
- Re: Blocking Proxy/HTTP Tunneliing servers Valdis Kletnieks (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Justin Dover (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers O'Callaghan, Daniel (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Graham Toal (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Cal Frye (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers John Nunnally (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers John Nunnally (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers John Stauffacher (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Justin Dover (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers George Bailey (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers Tran , Lieu D (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers Jeni Li (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers Graham Toal (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers David P. Allen (Feb 09)