Re: [squid-users] anonymous proxy

From: Marcus Kool <marcus.kool_at_urlfilterdb.com>
Date: Wed, 04 Nov 2009 09:59:43 -0200

Everybody is entitled to have its own opinion and I respect them.

I agree that a company should have a internet usage policy and
communicate this clearly with all staff.

Nevertheless, there are many persons who simply do not obey such
policy and tracking those persons consumes too much time from
a network department. Therefore many companies have implemented
URL filters to block unauthorized access to proxies, adult, sport,
entertainment or whatever is unauthorized.
Most URL filters also block SSH tunnels, VPNs to a home computer
and so forth. These types of tunnels are a security nightmare.

A URL filter is definitely a good option and a doomed success.

Regards
Marcus

Henrik Nordstrom wrote:
> tis 2009-11-03 klockan 07:43 -0800 skrev espoire20:
>
>> I have my Server proxy under Squid work very well but in the last time the
>> users start to use anonymous proxy that allow users to connect to the
>> Internet via an external site and bypass restrictions , so if you know some
>> blocking tools under squid or linux to stop this big problem
>
> The first and primary tool you need is an agreed and enforceable terms
> of use which clearly states that the users are not allowed to try to
> bypass the access restrictions.
>
> Then set up a blacklist of known proxy sites, responding with a clear
> message in the line of "Terms of use / Policy violation. Your
> unauthorized access have been reported to management".
>
> Then if users continue to intentionally ignore the rules then suitable
> action needs to be taken administratively. When this has been done once
> or twice the rest usually learns not to do the same..
>
> Trying to fight this purely technical is a doomed failure. If the users
> want to bypass the rules and know it's entirely safe to do so then they
> will continue and all you end up with is a technical war between you as
> technical maintainer of the restrictions and your users trying to find
> ways to bypass whatever technical means you set up to implement the
> restrictions.
>
> Regards
> Henrik
>
>
>
>
Received on Wed Nov 04 2009 - 11:59:50 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 05 2009 - 12:00:03 MST