Security Basics mailing list archives
Fwd: Risks/dangers of unauthorized web proxy
From: "kevin fielder" <kevin.fielder () gmail com>
Date: Tue, 14 Aug 2007 09:04:47 +0100
Hi In addition to the below (which should be implemented as best practice for most users anyway), if possible only allow web access out or your network via a proxy that requires authentication. Most solutions will integrate with directory services such as AD, so do not actually require users to re-enter any credentials. Even if a user then manages to install a proxy that puts their credentials onto the requests from the unauthorized user this would mean that their login was identifiable as trying to access any pages that the unauthorized user was accessing. This would potentially make them liable for any inappropriate content accessed via their proxy. Reports from your proxy can also be produced that highlight high usage - you could then investigate what is installed on any machines that appear to have the highest web use to ensure they are not acting as proxies for others. The combination of published policies stating that this isn't permitted with the proven ability to catch people should combine to deter most people from installing proxies. Cheers K -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Mngadi, Simphiwe (SS) Sent: 13 August 2007 11:22 To: julesgoolia () yahoo com; security-basics () securityfocus com Subject: RE: Risks/dangers of unauthorized web proxy Probably the first thing to do is to restrict users from installing programs. They must log a call so that only authorized programs are installed (software security policy should be in place and acknowledge). users who don't adhere to the security policy should be disciplined. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of julesgoolia () yahoo com Sent: 09 August 2007 08:48 AM To: security-basics () securityfocus com Subject: Risks/dangers of unauthorized web proxy Hi! I am a new security analyst and have not been exposed to the technical side of security. I would like to ask about the risks/dangers from unauthorized proxies. Some employees in our company install programs in their workstations to serve as proxy to other workstations that have not been given Internet access. Many thanks! ------------------------------------------------------------------------ ---- NOTICE: Please note that this eMail, and the contents thereof, is subject to the standard Sasol eMail legal notice which may be found at: http://www.sasol.com/legalnotices If you cannot access the legal notice through the URL attached and you wish to receive a copy thereof please send an eMail to legalnotice () sasol com ------------------------------------------------------------------------ ----
Current thread:
- Risks/dangers of unauthorized web proxy julesgoolia (Aug 09)
- Re: Risks/dangers of unauthorized web proxy Isaac Perez Moncho (Aug 10)
- Re: Risks/dangers of unauthorized web proxy Steve Olive (Aug 10)
- RE: Risks/dangers of unauthorized web proxy Mngadi, Simphiwe (SS) (Aug 13)
- Message not available
- Fwd: Risks/dangers of unauthorized web proxy kevin fielder (Aug 14)
- Message not available
- <Possible follow-ups>
- Re: Risks/dangers of unauthorized web proxy estoesunapija (Aug 09)
- Re: Risks/dangers of unauthorized web proxy Steve Olive (Aug 16)
- RE: Risks/dangers of unauthorized web proxy William Holmberg (Aug 16)