Re: [squid-users] anonymous proxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 05 Nov 2009 13:58:40 +1300

On Wed, 04 Nov 2009 09:59:43 -0200, Marcus Kool
<marcus.kool_at_urlfilterdb.com> wrote:
> Everybody is entitled to have its own opinion and I respect them.
>
> I agree that a company should have a internet usage policy and
> communicate this clearly with all staff.
>
> Nevertheless, there are many persons who simply do not obey such
> policy and tracking those persons consumes too much time from
> a network department. Therefore many companies have implemented
> URL filters to block unauthorized access to proxies, adult, sport,
> entertainment or whatever is unauthorized.
> Most URL filters also block SSH tunnels, VPNs to a home computer
> and so forth. These types of tunnels are a security nightmare.
>
> A URL filter is definitely a good option and a doomed success.
>
> Regards
> Marcus

Hi Marcus,

I think you are misunderstanding Henrik and the others comments a little.

They are not arguing opinions. They are simply stating the requirements.
Yours is the first posting to contain personal opinion on the subject.

An AUP policy is not a personal opinion or joke. It is a serious legal
requirement to have some form of service agreement publicly available and
in writing before going down the blocking track. Blocking and filtering
access to _anything_ otherwise public is controversial and can lead into
difficult situations technically, legally and commercially. When you reach
the point of kicking people off your network for evading the blocks and
filters you need grounds to do so. It _will_ happen.

Amos

>
> Henrik Nordstrom wrote:
>> tis 2009-11-03 klockan 07:43 -0800 skrev espoire20:
>>
>>> I have my Server proxy under Squid work very well but in the last time
>>> the
>>> users start to use anonymous proxy that allow users to connect to the
>>> Internet via an external site and bypass restrictions , so if you know
>>> some
>>> blocking tools under squid or linux to stop this big problem
>>
>> The first and primary tool you need is an agreed and enforceable terms
>> of use which clearly states that the users are not allowed to try to
>> bypass the access restrictions.
>>
>> Then set up a blacklist of known proxy sites, responding with a clear
>> message in the line of "Terms of use / Policy violation. Your
>> unauthorized access have been reported to management".
>>
>> Then if users continue to intentionally ignore the rules then suitable
>> action needs to be taken administratively. When this has been done once
>> or twice the rest usually learns not to do the same..
>>
>> Trying to fight this purely technical is a doomed failure. If the users
>> want to bypass the rules and know it's entirely safe to do so then they
>> will continue and all you end up with is a technical war between you as
>> technical maintainer of the restrictions and your users trying to find
>> ways to bypass whatever technical means you set up to implement the
>> restrictions.
>>
>> Regards
>> Henrik
>>
>>
>>
>>
Received on Thu Nov 05 2009 - 00:58:46 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 05 2009 - 12:00:03 MST