Educause Security Discussion mailing list archives
Re: Blocking Proxy/HTTP Tunneliing servers
From: Graham Toal <gtoal () UTPA EDU>
Date: Tue, 7 Feb 2006 13:33:32 -0600
They'll try to work around the OS by using Knoppix or TRB, so disable booting from external and removable media. They'll try to enable booting from their CD or iPod, so set a BIOS password and put a lock on the case. Et cetera. Just don't underestimate their abilities if you have really determined students
Yup! Don't forget blocking physical access to the ethernet jacks if they bring in their own handhelds. And hopefully you don't have unauthenticated wireless. And re an earlier thread, they might install vmware player and set up a virtual machine that uses a different MAC, again bypassing your controls. Another place where locking down the switch ports to a single MAC is worth considering. 802.1x is probably the way to go. By the way no-one has mentioned yet that content filtering on SSL web pages doesn't work and never will, unless you break your security completely and have each client trust a private certificate which is also used by the proxy. The only fallback you have there is IP blocking of known proxies. I agree with an earlier sentiment that it's better to handle this by only implementing cursory controls at the technology level but strongly enforced controls at the policy level. Does need good detection to catch them though, so you still have half of the same problems. G
Current thread:
- Re: Blocking Proxy/HTTP Tunneliing servers, (continued)
- Re: Blocking Proxy/HTTP Tunneliing servers O'Callaghan, Daniel (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Graham Toal (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Cal Frye (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers John Nunnally (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers John Nunnally (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers John Stauffacher (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Justin Dover (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers George Bailey (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers Tran , Lieu D (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers Jeni Li (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers Graham Toal (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers David P. Allen (Feb 09)