Users using proxy avoidance sites

Forums › IT Pro and developers › Users using proxy avoidance sites

jamesla

85 posts

Master Geek

#43990 23-Oct-2009 11:44

To cut a long story short, what defense are you guys using against users using proxy avoidance sites?

1 | 2

1136 posts

Uber Geek
+1 received by user: 76

#267294 27-Oct-2009 15:24

We are using WebMarshal with a custom list of web proxy sites (see here: http://www.geekzone.co.nz/forums.asp?forumid=86&topicid=41051)

Options you have depending on your setup:

- Use group policy to force users through a proxy server (freeProxy)
- Set that proxy server to block the webproxy sites

Or
- Use group policy to block each site in Internet Options' blocked sites

xpd

Geek of Coastguard
14115 posts

Uber Geek
+1 received by user: 4574

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#267298 27-Oct-2009 15:35

Using Webmarshal as well....only seem to have a few users trying to bypass it now, most have given up :)

XPD / Gavin

LinkTree

Dinuir

41 posts

Geek

#267303 27-Oct-2009 15:47

We also use WebMarshal. In addition Active Directory is set to enforce usage of WebMarshal. Cisco firewall is configure to only allow WebMarshal server out to the internet.

We also run monthly WebMarshal usage reports to check the most popular websites used and if we see any proxy avoidance sites, we blacklist the url's so they cannot be access moving forward.

Things are only as complicated as you want them to be!!

browned

636 posts

Ultimate Geek
+1 received by user: 36

#267624 28-Oct-2009 10:37

We use AD, DHCP 252, and a WPAD file to try and capture all Internet Traffic and send it via Webmarshal. We were going to block all traffic except that from Webmarshal at the firewall but this caused problems with Citrix clients and our default IM tools.

I used to avoid proxies by using Google's Translatation tool. Not sure this would still work but simplist way to test is to use google and some dodgy site and see what you get back.

cheers
db

Home Server: AMD Threadripper 1950X, 64GB, 56TB HDD, Define R6 Case, 10GbE, ESXi 6.7, UNRAID, NextPVR, Emby Server, Plex Server.
Lounge Media Center: NVIDIA Shield TV 16GB: Kodi18 with Titan MOD, Emby.
Kids Media Center: NVIDIA Shield TV 16GB: Kodi18 with Titan MOD, Emby.
Main PC: Ryzen 7 2700, 16GB RAM, RX 570, 2 x 24"

jamesla

85 posts

Master Geek

#267772 28-Oct-2009 17:47

There has got to be an easier way than manually blocking each site, is there any sort of real time block list or proxy server with the ability to update this list by itself around?

We currently have an older version of web marshall and that is the only thing allowed out, but various people are using these sites. I could go through the logs and read through and manually block them but it doesn't exactly sound like a long term solution. There has to be an easier way!!!!

xpd

Geek of Coastguard
14115 posts

Uber Geek
+1 received by user: 4574

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#267779 28-Oct-2009 18:00

Use a provider like Watchdog. They offer filtering service at a cost.

XPD / Gavin

LinkTree

Apple TV

Stream your favourite shows now on Apple TV (affiliate link).

jaymz

1136 posts

Uber Geek
+1 received by user: 76

#267785 28-Oct-2009 18:17

If you are already using WebMarshal, just download the files I created and import them into your blocked sites list. There are hundreds of sites in those files which will block all but the recent one created.

xpd

Geek of Coastguard
14115 posts

Uber Geek
+1 received by user: 4574

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#267792 28-Oct-2009 18:42

Wonder if theres some way to import those files automatically.....

XPD / Gavin

LinkTree

bradi

137 posts

Master Geek
Inactive user

#267861 28-Oct-2009 21:42

Use a proxy/filtering service that gets updates. Websense is pretty good. If you keep blocking the problem users eventually they give up (or find ways that you can't track) ;)

BTW, why do you care what they do? Is it malicious? Is it a problem for the network? Does it expose you to liability? Does it cost you money? or is it more about being in control and policing what people can view?

Just curious...

hairy1

3352 posts

Uber Geek
+1 received by user: 644

ID Verified

Trusted

Lifetime subscriber

#267864 28-Oct-2009 21:56

Is something like opendns.org any good? I have set it up for a couple of home users and it seems to work pretty well. Are there any sneaky ways around this I should be on the lookout for?

My views (except when I am looking out their windows) are not those of my employer.

Ragnor

8279 posts

Uber Geek
+1 received by user: 585

Trusted

#267878 28-Oct-2009 22:52

You can always go with a different tack and use software like Rescue Time to record users activity and behaviour patterns rather than trying to block moving targets. This lets the good users check facebook, trademe or geekzone in their lunch break while identifying the bad users who spend their whole day doing nothing but Facebook.

HP

Shop now for HP laptops and other devices (affiliate link).

jamesla

85 posts

Master Geek

#267957 29-Oct-2009 09:03

JDNZ: Use a proxy/filtering service that gets updates. Websense is pretty good. If you keep blocking the problem users eventually they give up (or find ways that you can't track) ;)

BTW, why do you care what they do? Is it malicious? Is it a problem for the network? Does it expose you to liability? Does it cost you money? or is it more about being in control and policing what people can view?

Just curious...

I see what your saying but realistically if the IT manager tells me to block facebook and then walks past some people who are looking at facebook I look like a bit of a dick

jamesla

85 posts

Master Geek

#267960 29-Oct-2009 09:09

Sounds like manually importing Jaymz's list will be the best way. Will do that today. Would be really cool if someone made an automatic update feature/plug in

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41029

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#267962 29-Oct-2009 09:11

Sure but we are still curious why the IT Manager wants things blocked...

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

jaymz

1136 posts

Uber Geek
+1 received by user: 76

#267963 29-Oct-2009 09:16

Something else that might help you jamesla, I found a great little tool that will allow you to push out group policy on all the machines on the domain (rather than using command line stuff)

http://www.specopssoft.com/products/specopsgpupdate/

It adds an option inside active directory that allows you to run gpupdate. Helps standardise the state of group policy on the network.

Also, does your company have an internet usage contract? If it does you may want to highlight this to your users if it states personal websurfing is not allowed.

1 | 2