mailing list archives
Re: Risks/dangers of unauthorized web proxy
From: Isaac Perez Moncho <suscripcions () tsolucio com>
Date: Thu, 09 Aug 2007 21:09:06 +0200
There a many risk of permiting that:
-Undesired software (vulnerabilities, possible malware,
misconfigurations, worst computer working, increase of needed support,
etc...) installed by non authorized people
-Undesired access to Internet from people without authorization
(malware, malware, malware, leak of information, maybe loss of
-Computers without enough protection surfing the web (malware)
-Policies that are not enforced (difficult to enforce other policies, as
the people see it happens anything if they do what they want, loss of
authority from IT/security group)
-Legal problems or problems with other companies. If can be accessed
from internet can be used for attacking other hosts, and you will seem
the source of the attack. Being added to blacklists, access denied by
you own ISP, etc....
As you see there are many, many problems of allowing that.
If I were you the first I'll did is to get management permission to
enforce two policies:
-Only install permitted software by allowed people
-Only acces to the resources you need.
If you can't get the support of management,as high as you can, you lost
the battle from the beginning
En/na julesgoolia () yahoo com ha escrit:
Hi! I am a new security analyst and have not been exposed to the technical side of security.
I would like to ask about the risks/dangers from unauthorized proxies. Some employees in our company install
programs in their workstations to serve as proxy to other workstations that have not been given Internet access.