Re: [squid-users] anonymous proxy

From: Marcus Kool <marcus.kool_at_urlfilterdb.com>
Date: Thu, 05 Nov 2009 12:17:15 -0200

I stated that I agree with an internet usage policy or AUP policy.

Eh, I am really confused... What is the point of your reply ?

-Marcus

Amos Jeffries wrote:
> On Wed, 04 Nov 2009 09:59:43 -0200, Marcus Kool
> <marcus.kool_at_urlfilterdb.com> wrote:
>> Everybody is entitled to have its own opinion and I respect them.
>>
>> I agree that a company should have a internet usage policy and
>> communicate this clearly with all staff.
>>
>> Nevertheless, there are many persons who simply do not obey such
>> policy and tracking those persons consumes too much time from
>> a network department. Therefore many companies have implemented
>> URL filters to block unauthorized access to proxies, adult, sport,
>> entertainment or whatever is unauthorized.
>> Most URL filters also block SSH tunnels, VPNs to a home computer
>> and so forth. These types of tunnels are a security nightmare.
>>
>> A URL filter is definitely a good option and a doomed success.
>>
>> Regards
>> Marcus
>
>
> Hi Marcus,
>
> I think you are misunderstanding Henrik and the others comments a little.
>
> They are not arguing opinions. They are simply stating the requirements.
> Yours is the first posting to contain personal opinion on the subject.
>
> An AUP policy is not a personal opinion or joke. It is a serious legal
> requirement to have some form of service agreement publicly available and
> in writing before going down the blocking track. Blocking and filtering
> access to _anything_ otherwise public is controversial and can lead into
> difficult situations technically, legally and commercially. When you reach
> the point of kicking people off your network for evading the blocks and
> filters you need grounds to do so. It _will_ happen.
>
> Amos
>
>
>> Henrik Nordstrom wrote:
>>> tis 2009-11-03 klockan 07:43 -0800 skrev espoire20:
>>>
>>>> I have my Server proxy under Squid work very well but in the last time
>>>> the
>>>> users start to use anonymous proxy that allow users to connect to the
>>>> Internet via an external site and bypass restrictions , so if you know
>>>> some
>>>> blocking tools under squid or linux to stop this big problem
>>> The first and primary tool you need is an agreed and enforceable terms
>>> of use which clearly states that the users are not allowed to try to
>>> bypass the access restrictions.
>>>
>>> Then set up a blacklist of known proxy sites, responding with a clear
>>> message in the line of "Terms of use / Policy violation. Your
>>> unauthorized access have been reported to management".
>>>
>>> Then if users continue to intentionally ignore the rules then suitable
>>> action needs to be taken administratively. When this has been done once
>>> or twice the rest usually learns not to do the same..
>>>
>>> Trying to fight this purely technical is a doomed failure. If the users
>>> want to bypass the rules and know it's entirely safe to do so then they
>>> will continue and all you end up with is a technical war between you as
>>> technical maintainer of the restrictions and your users trying to find
>>> ways to bypass whatever technical means you set up to implement the
>>> restrictions.
>>>
>>> Regards
>>> Henrik
>>>
>>>
>>>
>>>
>
>
Received on Thu Nov 05 2009 - 14:17:23 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 05 2009 - 12:00:03 MST