Security Basics mailing list archives

RE: bypassing proxy

From: "Liam Downward" <ldownward () pervasivesolutions net>
Date: Mon, 26 Feb 2007 11:24:25 -0500

Depending on the web browser being used you can put in place a bypass,
that the web browser will treat the web site in question as local
address and not forward the request to the proxy server.

You can do this through group policies or locally if it IE

Or

If the web browser is Mozilla you can do this locally or pushing down a
pre configured all.js / pref.js files to the workstations via a logon
script.

Liam

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of nawalmiftahi () gmail com
Sent: Monday, February 26, 2007 6:57 AM
To: security-basics () securityfocus com
Subject: bypassing proxy

Hii all,
 i am a security admin with a financial instituation, there's one issue
which i would like to clarify , one of our user needs to access a
website ( a financial instituation) which he access by giving his
username and password+secureid, but the problem here is when he try to
access via a proxy (isa server) he's not able to access the above page,
and when the proxy is removed he's able to acces the page, the question
i wanted to ask you is what is the security issue if allowed by
bypassing the proxy or are there anyalternative , and if at all proxy is
bypassed , firewall is anywhere there at gateway, and all our port
blocking is at firewall and this proxy is used only for log collection
and some other stuff, 
    your early reply is highly appreciated .
                    Regards 

------------------------------------------------------------------------
---
This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse.  Arm your
enterprise with BigFix, the single converged IT security and operations
engine. BigFix enables continuous discovery, assessment, remediation,
and enforcement for complex and distributed IT environments in real-time
from a single console.
Think what's next. Think BigFix. 

http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/
ITNext/
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse.  Arm your
enterprise with BigFix, the single converged IT security and operations
engine. BigFix enables continuous discovery, assessment, remediation,
and enforcement for complex and distributed IT environments in real-time
from a single console.
Think what's next. Think BigFix.

http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/
---------------------------------------------------------------------------

Current thread:

bypassing proxy nawalmiftahi (Feb 26)
- RE: bypassing proxy Liam Downward (Feb 26)
- Re: bypassing proxy Nick Owen (Feb 26)
- <Possible follow-ups>
- RE: bypassing proxy G. Purushotham Reddy (Feb 27)