Home page logo
/

basics logo Security Basics mailing list archives

Fwd: Risks/dangers of unauthorized web proxy
From: "kevin fielder" <kevin.fielder () gmail com>
Date: Tue, 14 Aug 2007 09:04:47 +0100

Hi

In addition to the below (which should be implemented as best practice
for most users anyway), if possible only allow web access out or your
network via a proxy that requires authentication.

Most solutions will integrate with directory services such as AD, so do
not actually require users to re-enter any credentials.

Even if a user then manages to install a proxy that puts their
credentials onto the requests from the unauthorized user this would mean
that their login was identifiable as trying to access any pages that the
unauthorized user was accessing.  This would potentially make them
liable for any inappropriate content accessed via their proxy.

Reports from your proxy can also be produced that highlight high usage -
you could then investigate what is installed on any machines that appear
to have the highest web use to ensure they are not acting as proxies for
others.

The combination of published policies stating that this isn't permitted
with the proven ability to catch people should combine to deter most
people from installing proxies.

Cheers

K



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Mngadi, Simphiwe (SS)
Sent: 13 August 2007 11:22
To: julesgoolia () yahoo com; security-basics () securityfocus com
Subject: RE: Risks/dangers of unauthorized web proxy

Probably the first thing to do is to restrict users from installing
programs. They must log a call so that only authorized programs are
installed (software security policy should be in place and acknowledge).
users who don't adhere to the security policy should be disciplined.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of julesgoolia () yahoo com
Sent: 09 August 2007 08:48 AM
To: security-basics () securityfocus com
Subject: Risks/dangers of unauthorized web proxy

Hi! I am a new security analyst and have not been exposed to the
technical side of security.



I would like to ask about the risks/dangers from unauthorized proxies.
Some employees in our company   install programs in their workstations
to serve as proxy to other workstations that have not been given
Internet access.



Many thanks!





------------------------------------------------------------------------
----
NOTICE: Please note that this eMail, and the contents thereof,
is subject to the standard Sasol eMail legal notice which may be found
at:
http://www.sasol.com/legalnotices


If you cannot access the legal notice through the URL attached and you
wish
to receive a copy thereof please send an eMail to
legalnotice () sasol com
------------------------------------------------------------------------
----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault