Vulnerability Development mailing list archives
Re: N2H2 Web Proxy/Filter appliance
From: crispin () WIREX COM (Crispin Cowan)
Date: Fri, 16 Jun 2000 23:43:07 -0700
Mark wrote:
Now : Change your browser settings from "use a proxy" to "Direct connection to the internet" and guess what? You've just disabled the censoring proxy in three seconds. Oh, great. Amazing what simple stupidity can do.Indeed. I've seen some of our kids get around some of the things that our webmasters have put up trying to "protect" certain web pages, and they did it in a matter of seconds. It's amusing :) That is one of several reasons we are using unrouted internal addresses and requiring all communications with the outside travel through proxy servers. You disable web proxy/filter server, you don't surf. :)
Hmmm ... are you allowing the workstations to SSH out? If so, then the kiddles can port forward a local port and surf on a remote, public proxy. If not, then how do you expect to do secure remote access? Bottom line: firewalls are UTTERLY USELESS at containing people on the inside. If they wanna get out, they will. The most vigorous example of this is Marcus Ranum's implementation of TCP/IP running on top of DNS requests. You CANNOT block someone on the inside from communicating data with the outside. It's fairly difficult just detecting such communication if they don't want you to find it. Crispin -- Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org
Current thread:
- N2H2 Web Proxy/Filter appliance Mark (Jun 15)
- Re: N2H2 Web Proxy/Filter appliance Alex Schuetz (Jun 16)
- Re: N2H2 Web Proxy/Filter appliance Mark (Jun 17)
- Re: N2H2 Web Proxy/Filter appliance Crispin Cowan (Jun 16)
- Re: Firewalls and stuff (Was about N2H2) Mark (Jun 17)
- Re: Firewalls and stuff (Was about N2H2) Crispin Cowan (Jun 17)
- (no subject) Bluefish (Jun 18)
- Re: N2H2 Web Proxy/Filter appliance Mark (Jun 17)
- Re: N2H2 Web Proxy/Filter appliance Alex Schuetz (Jun 16)
- Re: N2H2 Web Proxy/Filter appliance Eric Wanner (Jun 17)
- Re: N2H2 Web Proxy/Filter appliance Crispin Cowan (Jun 17)
- Re: N2H2 Web Proxy/Filter appliance Blue Boar (Jun 17)
- Re: N2H2 Web Proxy/Filter appliance Bluefish (Jun 18)
- HP LaserJet 4 Series Jet Direct Ryan Yagatich (Jun 18)
- Re: HP LaserJet 4 Series Jet Direct Blue Boar (Jun 18)
- Re: HP LaserJet 4 Series Jet Direct (and others) Joel Michael (Jun 18)