Security Basics mailing list archives
Re: Restricting Open Proxies
From: krymson () gmail com
Date: 19 Jun 2007 20:15:05 -0000
If the Symantec proxy has a blacklist for restricting the use of other open proxies on the Internet, you could turn that on. But be aware this is just a blacklist, meaning it must be kept up to date or you're giving yourself a false sense of security. You may reduce your risk of people using known proxies, but you don't prevent someone from using a private one. In fact, I don't think you can truly stop this kind of behavior. At least you have everyone in the corporate network using a proxy you enforce, but beyond that they likely can connect anywhere they want, no? It might be a better value to implement the policy saying no open proxies should be used, be sure to log what people do through your proxy, and use those two to prosecute any violators later on. This might be one of those areas where prevention is just not possible, but being able to verify use after an incident is paramount. If I use a proxy to send some of your confidential information to my house, and you find out I'm doing that, you can then correlate my actions with my use of the open proxy in your proxy server. Thinking further, perhaps browser histories will still show the URLs visited, including sites visited through an open proxy? Again, this is more an audit function than prevention, from my point of view. <- snip -> We are in the process of strengthening our Information Security Policy. As part of this initiative we want to restrict access to Open Proxies from the Corporate Network. We are currently providing Internet Access through Symantec Web Security which also acts as a Proxy Server. The access to Open Proxies that keep floating in the wild is bothering us because it might ultimately lead to Information Leakage. Has any one of you faced the same issue? What are the best practices for the same? Any ideas or suggestions are most welcome.
Current thread:
- Restricting Open Proxies shailesh . rangari (Jun 19)
- Re: Restricting Open Proxies Samir Pawaskar (Jun 21)
- Open Source Router with NAT Mohamed Farid (Jun 28)
- Re: Open Source Router with NAT Dathan Bennett (Jun 30)
- Re: Open Source Router with NAT Nikhil Wagholikar (Jun 30)
- Open Source Router with NAT Mohamed Farid (Jun 28)
- <Possible follow-ups>
- Re: Restricting Open Proxies krymson (Jun 19)
- Re: Restricting Open Proxies Jay (Jun 22)
- Re: Restricting Open Proxies merigoth (Jun 22)
- Re: Restricting Open Proxies Jay (Jun 22)
- Re: Restricting Open Proxies Samir Pawaskar (Jun 21)