Re: Risks/dangers of unauthorized web proxy

[Isaac Perez Moncho <suscripcions () tsolucio com>]

There a many risk of permiting that:
-Undesired software (vulnerabilities, possible malware, 
misconfigurations, worst computer working, increase of needed support, 
etc...) installed by non authorized people
-Undesired access to Internet from people without authorization 
(malware, malware, malware, leak of information, maybe loss of 
productivity, etc..)
-Computers without enough protection surfing the web (malware)
-Policies that are not enforced (difficult to enforce other policies, as 
the people see it happens anything if they do what they want, loss of 
authority from IT/security group)
-Legal problems or problems with other companies. If can be accessed 
from internet can be used for attacking other hosts, and you will seem 
the source of the attack. Being added to blacklists, access denied by 
you own ISP, etc....

As you see there are many, many problems of allowing that.
If I were you the first I'll did is to get management permission to 
enforce two policies:
-Only install permitted software by allowed people
-Only acces to the resources you need.
If you can't get the support of management,as high as you can, you lost 
the battle from the beginning



En/na julesgoolia () yahoo com ha escrit:
> Hi! I am a new security analyst and have not been exposed to the technical side of security.
>
> I would like to ask about the risks/dangers from unauthorized proxies.  Some employees in our company   install 
> programs in their workstations to serve as proxy to other workstations that have not been given Internet access.
>
> Many thanks!
>
>
>
>