Educause Security Discussion mailing list archives
Re: Blocking Proxy/HTTP Tunneliing servers
From: John Nunnally <Nunnally () HARDING EDU>
Date: Mon, 6 Feb 2006 16:07:05 -0600
Hi Justin To do centralized filtering which is really the only way to go - you are probably going to have to spend some money. The commercial solution that really does a good job is Websense. (www.websense.com). We use it at Harding. There is an appliance sold by 8e6 (www.8e6.com), but I have no experience with it. Another product called N2H2 is sold by Secure Computing (www.securecomputing.com). It has been used by the state of Arkansas to do some filtering for their k-12 clients and others. They actually sell two products. The K-12 version is called Bess and the more extensive product is called Sentian. Thats about all I know. Cyberpatrol has a centralized solution as well but their database filtered only about 70% of the objectionable sites when we used it about 5 years back. They may have improved. Software solutions like Websense require an interaction with a firewall to implement their filtering. We use Cisco Pix with Websense. For K-12, there are also products out there that work the opposite of filters. They provide a database of sites that have been researched and OK'ed for use and block everything else. I don't have any experience with these products but it sounds like a good idea for some applications. John Nunnally Harding University ________________________________________ From: Justin Dover [mailto:dover () HARPETHHALL ORG] Sent: Monday, February 06, 2006 11:57 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Blocking Proxy/HTTP Tunneliing servers The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on Monday, February 06, 2006 at 11:53 AM -0600 wrote: You know all the usual suspects - cybersitter, cyber patrol, surfwatch, netnanny etc... I think these are all clients that must be installed on each user's machine. I am looking for a global solution that installs at the perimeter of the network. A few ideas of course are proxy servers/content filtering services like Websense. I do agree with maintaining my own list of "bad" ips is a losing battle. Justin Dover Harpeth Hall School 615-346-0082
Current thread:
- Re: Blocking Proxy/HTTP Tunneliing servers, (continued)
- Re: Blocking Proxy/HTTP Tunneliing servers Justin Dover (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Graham Toal (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Christopher Chow (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Justin Dover (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Valdis Kletnieks (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Justin Dover (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers O'Callaghan, Daniel (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Graham Toal (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Cal Frye (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers John Nunnally (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers John Nunnally (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers John Stauffacher (Feb 06)
- Re: Blocking Proxy/HTTP Tunneliing servers Justin Dover (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers George Bailey (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers Tran , Lieu D (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers Jeni Li (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers Graham Toal (Feb 07)
- Re: Blocking Proxy/HTTP Tunneliing servers David P. Allen (Feb 09)