Locking down web access for businesses

Forums › IT Pro and developers › Locking down web access for businesses - Help Offered

jaymz

1132 posts

Uber Geek

#41051 8-Sep-2009 19:42

Hi guys,

More of a FYI for anyone out there who wants to lock down a companies internet access.

As you may or may not be aware, there are an absolute bucket load of Web Proxies/anonymizers out there designed to make surfing safer (or so some of them claim)

Well if you implement a proxy based web filtering system for a company, you may find your users will use these web proxies to get past it.

This is not so much of a problem if you implement a hardware/device based filtering system as these tend to scan the traffic rather than block based on text/URL. (EG SonicWall Enhanced OS, Marshal's 8e6 Proxy Blocker)

If you have this setup and you find that people are by-passing the setup then you have 3 options:

1. Add as many web proxies as you can to a blocked sites list (a never ending task as new sites are created around the clock)

2. Block all access to problem users and only allow them to access sites in a white list you create

3. Invest money into a hardware based filter (E.G. http://www.m86security.com/solutions/web_security/8e6-proxyblocker.asp)

For those who don't want to spend the money on option 3, and would rather just add the sites to a blocked list i am able to help you.

I harvested a large number of these websites today from various sites (600 and still growing). If anyone needs a copy of the list just let me know, i will be more than happy to pass it on to you.

Cheers

wazzageek

1090 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#254158 8-Sep-2009 20:14

There is also the option of having a decent AUP that states what the internet can and can't be used for ... those abusing it can then be given the appropriate warnings, etc.

It's not clear to me whether the list you have is a white list OR a black list? (I'm more in favour of whitelists where the internet is not a requirement for performing the daily tasks)

Are you making this list publically available? (i.e. free of charge)

TrendMicro

Best TrendMicro deals for antivirus and malware protection(affiliate link).

jaymz

1132 posts

Uber Geek

#254163 8-Sep-2009 20:25

Agreed that a AUP with the correct definitions and rules is a must also. I read through a white paper today that discussed this issue: http://www.m86security.com/documents/pdfs/white_papers/education/wp_web-basedproxies.pdf (i was meant to add it to the bottom of my first post)

Sorry, the list is a black list. I have also signed up with one website so that i recieve updates on new web proxy addresses (kinda nice for them to put that feature on their site don't ya think?)

Yup and its completly free of charge, after trying to find a list online I want to help other people who might be searching for one. Just PM me your email or something and i can send it through (rather than bloating the forum with a rather large list)

Cheers

kingjj

1728 posts

Uber Geek

ID Verified

Trusted

#254286 9-Sep-2009 10:08

Shouldn't be too hard to scrap the list from proxy.org, they list over 33,000 web proxies including 6130 currently alive ones (which they check daily).

jaymz

1132 posts

Uber Geek

#254950 11-Sep-2009 08:33

Hi all,

I have uploaded the master file and a series of updates. These can found here:

Master file: http://www.sendspace.com/file/qmzd3j

Update_09-09-2009: http://www.sendspace.com/file/htojxj

Update_10-09-2009: http://www.sendspace.com/file/j2maxa

Update_11-09-2009: http://www.sendspace.com/file/ug7xrr

I am away for the weekend, so wont be able to upload any new files till Sunday night or Monday morning.

Cheers

xpd

aka Fast Raccoon !
13006 posts

Uber Geek

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#254954 11-Sep-2009 09:00

Thanks for that, will put them into place now :)

Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

xpd.co.nz - Retro gaming, geek stuff and more kiwiblast.co.nz - Lego and more

Support Kiwi music! The People Black Smoke Trigger Like A Storm Devilskin

NZ GEEKS Discord______________________________

insane

3170 posts

Uber Geek

ID Verified

Trusted

#255466 13-Sep-2009 21:53

Isn't it easier to subscribe to a service such that is offered by ISPs like Watchdog.net.nz and Maxnet.co.nz for a few $$ a month. They use marshal 8e6 appliances and have the ability to create a custom profile for you, saves you having to update your list every few hours.

jaymz

1132 posts

Uber Geek

#255509 14-Sep-2009 08:28

insane: Isn't it easier to subscribe to a service such that is offered by ISPs like Watchdog.net.nz and Maxnet.co.nz for a few $$ a month. They use marshal 8e6 appliances and have the ability to create a custom profile for you, saves you having to update your list every few hours.

Agreed, it would be easier to do this. But for me it only takes a few minutes each day to update the list, and i can help out others who might have a tight bugdet.

Each to their own really, thanks for the links. I'm sure someone would rather sign up for that (and i wasnt aware of such a subsciption before your post

)

The latest update can be found here: http://www.sendspace.com/file/320twf

Cheers

xpd

aka Fast Raccoon !
13006 posts

Uber Geek

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#255513 14-Sep-2009 08:59

We are quite particular about site access, relying on a 3rd party to control it would be a nightmare for us and them...we'd be on the phone/email to them all the time requesting changes etc.

Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

xpd.co.nz - Retro gaming, geek stuff and more kiwiblast.co.nz - Lego and more

Support Kiwi music! The People Black Smoke Trigger Like A Storm Devilskin

NZ GEEKS Discord______________________________

jaymz

1132 posts

Uber Geek

#255798 15-Sep-2009 08:19

Hi Guys,

Here's todays update: http://www.sendspace.com/file/aob94s

Cheers

CYaBro

4084 posts

Uber Geek

ID Verified

Trusted

Subscriber

#255807 15-Sep-2009 09:16

Doesn't OpenDNS do this as well?

xpd

aka Fast Raccoon !
13006 posts

Uber Geek

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#255825 15-Sep-2009 11:13

Think they offer a basic service, but as my last post, not always practical.

Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

xpd.co.nz - Retro gaming, geek stuff and more kiwiblast.co.nz - Lego and more

Support Kiwi music! The People Black Smoke Trigger Like A Storm Devilskin

NZ GEEKS Discord______________________________

insane

3170 posts

Uber Geek

ID Verified

Trusted

#255844 15-Sep-2009 13:16

xpd: We are quite particular about site access, relying on a 3rd party to control it would be a nightmare for us and them...we'd be on the phone/email to them all the time requesting changes etc.

yeah but you can get a profile which allows for an authenticated override, all you need is a username and password to let you bypass any filter on the spot if needed ASAP.

but yeah, everyone to their own I guess :)

jaymz

1132 posts

Uber Geek

#256734 18-Sep-2009 08:37

Here is the update for today: http://www.sendspace.com/file/kxkb6e

There hasn't been new ones created in the past 2 days (from the website I get the lists from)

Cheers

jaymz

1132 posts

Uber Geek

#257708 23-Sep-2009 08:31

Sorry for the delay in updates guys, here is one for the last few days: http://www.sendspace.com/file/lqtmao

Cheers

jaymz

1132 posts

Uber Geek

#262304 8-Oct-2009 08:34

Hi Guys, Rather than update each day, i am making a larger file and uploading it only every so often.

http://www.sendspace.com/file/e1klva

Thanks