General discussion

Locked

Students bypassing filtering

By cporter ·
I work for a large school district. We have a problem with students and teachers byapssing our filtering system (websense). They are simply entering in a proxy server into the browser and it's past the firewall etc. The machines in question are personal laptops and old win9x machines so the group policy isnt an option. We do not have any kind of network registration system in place either. Does anyone know how to prevent this? We are running a PIX firewall version 7. Any help would be greatly appreciated.

Chris

This conversation is currently closed to new comments.

15 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by TonytheTiger In reply to Students bypassing filter ...

Can't you just have websense block proxy servers?

Collapse -

Get a Sonicwall

by royceb1 In reply to

We represent several school districts that HAD the same problem. We installed the Sonicwall appliance and configured them as required to filter and block. WORKS GREAT.

Collapse -

sonicwall issues

by tombrend In reply to Get a Sonicwall

Sonicwall has immense issues with improperly blocking sites and being easily circumvented. Google caches of blocked sites are not blocked unless google is blocked completly, and proxies such as proxify are easily accessed by using https protocol on an http site: the added s causes sonicwall to overlook it.

Collapse -

proxy blocking

by witch_walker In reply to

yes, you can. the school my daughter goes to blocks everytning from hacking to websense avoidance and proxy servers.

Collapse -

You're Clueless

by brianfurtado In reply to proxy blocking

Do you listen to yourself when you talk? Get this straight... it takes weeks/months to accurately fix holes in blocking programs, but only hours to create them. You may THINK that your daughter's school blocks hack attacks and proxies, but it's called hacking for a reason. There's a great program out there called ultrasurf... it is virtually impossible to block. That's the very same program that the chinese population mainly uses to bypass the CHINESE GOVERNMENT'S blocks. If they can't block Usurf, neither can you

Collapse -

Jeez, calm down ...

by Bizzo In reply to You're Clueless

Maybe things have changed since May 2005.

Collapse -

Blacklist the proxy

by jmgarvin In reply to Students bypassing filter ...

Check on the web for proxy blacklisting that will nip this in the bud.

Collapse -

for a while....

by ---TK--- In reply to Blacklist the proxy
Collapse -

use the firewall as gateway

by vishal_saxena02 In reply to Students bypassing filter ...

re-organise the topology in such a way that firewall becomes the gateway to the proxy server. That is, any access to proxy server should be via the firewalls.
Also, block those sites in the proxy server. you can use SQUID as your proxy server. it comes with list of blacklisted sites, and you can add more.

Collapse -

Topology Change 2

by lesko In reply to Students bypassing filter ...

Setup your PIX to only allow outbound traffic from a certain subnet coming in from one of its internal ports. The these internal ports would be the users you want to get out freely and one of them would be the websense box. The rest of the traffic route them over to the websense box.

regular traffic --> default gateway --> websense --> pix --> Internet

special traffic --> default gateway --> pix --> Internet

the default gateway could be the same as the pix

Back to Security Forum
15 total posts (Page 1 of 2)   01 | 02   Next

Security Forums