Educause Security Discussion mailing list archives
Re: Blocking Proxy/HTTP Tunneliing servers
From: "David P. Allen" <allendp () PLU EDU>
Date: Thu, 9 Feb 2006 23:12:33 -0800
I can say that after deploying the N2H2 solution a couple of times in the last few years it also works pretty well. I'm involved in a triennial event involving a high school youth gathering with about 45,000 attendees split in two groups over 2 week long sessions. We deploy upwards of 600+ systems in a major convention center used by a variety of attendees for everything from general e-mail/web access to event specific tasks. The N2H2 folks have been nice enough to "loan" us the use of their solution for this that last two times (2003 & 2000). While the kids didn't have a lot of time to try getting around it we generally found the system handled this onslaught quite well. We are preparing for our next event now and I'll be reviewing our options with N2H2/Bess (now called SmartFilter) & others over the next couple of months so this is helpful for me as well. John Nunnally wrote:
Hi Justin To do centralized filtering – which is really the only way to go - you are probably going to have to spend some money. The commercial solution that really does a good job is Websense. (www.websense.com). We use it at Harding. There is an appliance sold by “8e6” (www.8e6.com), but I have no experience with it. Another product called N2H2 is sold by Secure Computing (www.securecomputing.com). It has been used by the state of Arkansas to do some filtering for their k-12 clients and others. They actually sell two products. The K-12 version is called “Bess” and the more extensive product is called “Sentian”. That’s about all I know. Cyberpatrol has a centralized solution as well but their database filtered only about 70% of the objectionable sites when we used it about 5 years back. They may have improved. Software solutions like Websense require an interaction with a firewall to implement their filtering. We use Cisco Pix with Websense. For K-12, there are also products out there that work the opposite of filters. They provide a database of sites that have been researched and OK'ed for use and block everything else. I don't have any experience with these products but it sounds like a good idea for some applications. John Nunnally Harding University ________________________________________ From: Justin Dover [mailto:dover () HARPETHHALL ORG] Sent: Monday, February 06, 2006 11:57 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Blocking Proxy/HTTP Tunneliing servers The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on Monday, February 06, 2006 at 11:53 AM -0600 wrote: You know all the usual suspects - cybersitter, cyber patrol, surfwatch, netnanny etc... I think these are all clients that must be installed on each user's machine. I am looking for a global solution that installs at the perimeter of the network. A few ideas of course are proxy servers/content filtering services like Websense. I do agree with maintaining my own list of "bad" ips is a losing battle. Justin Dover Harpeth Hall School 615-346-0082
-- David P. Allen Asst. Dir., Network & Communication Systems Pacific Lutheran University { (253) 535-7524 | "...one of the main causes of the fall of } { allendp () PLU edu | Rome was that, lacking zero, they had no } { www.plu.edu/~allendp | way to indicate successful termination of } { | their C programs." --Robert Firth }
Current thread:
- Re: Blocking Proxy/HTTP Tunneliing servers, (continued)
- Re: Blocking Proxy/HTTP Tunneliing servers Graham Toal (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Cal Frye (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers John Nunnally (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers John Nunnally (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers John Stauffacher (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Justin Dover (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers George Bailey (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers Tran , Lieu D (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers Jeni Li (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers Graham Toal (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers David P. Allen (Feb 09)