Sonic Wall being Bypassed - Need proxy?

I have a SonicWall that manages my internet usage, but I don't think it will act like a proxy. I have blocked the connection tab using global policies, but find I have users who have loaded Netscape or Mozilla. They are accessing unauthorized web sites by using an outside proxy server. Can anyone recommend a low cost or free proxy software... or explain how my SonicWall might be used to stop this?

Scott Johnston (IT Manager) asked:
Will Szymkowski (Senior Solution Architect) commented:
Hello there,

Try ezproxy; it might be of some use to you.

hope this helps
The solution is simple. Fix your network so that ONLY the SonicWall can access the internet. Then even if users try to bypass the device it will do them no good, since there is no alternate route to the net.
There is almost always some way around whatever filtering you use, especially if you give users enough privileges to install a browser. I would suggest starting a corporate policy for internet usage that has severe penalties for misuse.

Scott Johnston (IT Manager, Author) commented:
JHance, can you explain in more detail? I am not an expert with routing... Thank you
Well, it's unclear exactly how you have your network set up, but it is clear that you've permitted a way for users to bypass your SonicWall device and get to the internet by whatever means they choose.

1) Fix your network so that there is NO way to the internet but via the SonicWall.
2) Fix the SonicWall so that only traffic/sites/ports/etc. that YOU permit are passed.  All other traffic is blocked.

I'm not a SonicWall expert but I was under the impression that this is a firewall appliance and can control both incoming and outgoing traffic.  So set it up to only permit the traffic you (or your company's policies) permit.

Obviously proxy traffic or traffic to proxy servers is not to be permitted.
Jhance is right. You're using a DHCP server, I hope? In any case, set the SonicWALL IP as the default gateway for all your machines, server and PC alike; that way they can't hit the Internet without touching the SonicWALL.

The SonicWALL is a pretty easy-to-use appliance, and you configure it to block everything except port 80 (HTTP) and, if necessary, port 110 (POP3). For the other ports Windows needs, here's Microsoft's guide
(you only need to open what hits the Internet - don't open TCP port 135 to the Internet!!)

In SonicWALL (and most other)  parlance, WAN = Internet side and LAN  = Internal. After setting everything to the SonicWALL as the gateway, set up the blocking on the SonicWALL.

SonicWALL is very easy to use and since you're new to this make one change at a time and let it sit for a day or two. To catch the low hanging fruit you can check SonicWALL's logs for the most frequently accessed sites and block the ones that need to be blocked. Do this once/day and after a week you will notice things getting knocked back.

SonicWALL allows you to create rules and then enable/disable them, so you could spend some time creating some and then turning them on one at a time.
But if the SonicWall is being "bypassed" as noted in the question, then I conclude that there is ANOTHER path to the outside internet that people know about. So by changing their default GW or by modifying their web browser they can get past the SonicWall and do whatever they want.

You need to CLOSE the bypass path so that the SonicWall is the ONLY way out. Then, and only then, will the filtering options you have available to you on that hardware make a difference. It's my experience that if there is a way around, someone will find it and exploit it. If one does it, others will find out about it and do it as well.

Run a "tight ship" and you will retain control of this situation.
Scott Johnston (IT Manager, Author) commented:
All the ideas you are presenting will work, but the problem is there are web sites within the internet that act as proxy servers. It is almost as if you are in a terminal service session browsing the internet using someone else's proxy server. When I say bypassed, it is being bypassed because the content filtering is being overridden by an outside proxy server. I locked down the IE pages so users cannot make changes to their settings, I blocked Netscape and Mozilla, I block all sites that have the word Proxy in the URL, but still when you get to this site, it will allow the end user to go to a site that is unauthorized. (That includes x-rated sites.) I keep adding these sites to my block list of unauthorized URLs, but they keep popping up. I don't want to be a bad guy and turn in the users, so this is why I am trying to get some ideas on how to stop this type of usage.

Block access to the proxy servers in your SonicWall!!  Most proxy servers operate on OTHER THAN port 80.  Usually 8080.  Block port 8080 and any other non-standard port from exiting your network.

Better yet, block EVERYTHING and then permit what is acceptable.  That, in my opinion is often a better approach.
"the problem is there are Web sites within the internet that act as proxy servers". If the only gateway to the Internet is via the SonicWALL it won't matter that there are Proxy servers outside your LAN because the SonicWALL can be configured to block them.

1) Make sure all clients' default gateway is the SonicWALL LAN IP. If you don't have this, your SonicWALL is useless.
2) Block all ports except port 80 and see if a machine can get to a site specifically blocked by the SonicWALL. If it can, then check the IP settings on the client machine that can access the "blocked" site; by definition it would be using a gateway IP other than the SonicWALL.

If you block everything but port 80, you can see what other ports client PCs are trying to use by looking at the SonicWALL log. As jhance said, the best approach is to block everything and open up ports as required. The best way to do this is to block everything off hours and have a user come in early or late to test their apps, so you can configure it with minimal fuss to the end users.

First and foremost, the default gateway must be the SonicWALL - and by that I mean the SonicWALL LAN address, not the gateway the SonicWALL uses (that would bypass the SonicWALL).

Curious that you haven't standardized on one browser, it makes life *much* simpler. Is this a business setting, academic or ??
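The review loop described in the two answers above (block everything but port 80, then read the firewall log for the most-visited sites, the other ports clients are trying, and any client that never shows up at the firewall at all) is easy to automate. The script below is an added example, not code from the thread or from SonicWALL; it assumes a hypothetical, constructed log line format of the form `<time> <ACTION> <proto> <src>:<port> -> <dst>:<port>`, and a constructed DHCP lease list. A real SonicWALL export uses its own format, so only `parse_line()` would need adapting.

```python
"""Egress-log review for a default-deny perimeter (added example, hypothetical log format)."""
from collections import Counter, defaultdict
import re

# Constructed sample log lines (not real traffic, not SonicWALL's format).
SAMPLE_LOG = """\
09:01:02 ALLOW TCP 192.168.1.20:51001 -> 203.0.113.10:80
09:01:05 ALLOW TCP 192.168.1.21:51002 -> 203.0.113.10:80
09:02:10 DROP  TCP 192.168.1.22:51003 -> 198.51.100.5:8080
09:02:11 DROP  TCP 192.168.1.22:51004 -> 198.51.100.5:8080
09:03:00 DROP  TCP 192.168.1.23:51005 -> 198.51.100.9:3128
09:03:30 ALLOW TCP 192.168.1.20:51006 -> 203.0.113.44:80
09:04:00 DROP  TCP 192.168.1.22:51007 -> 198.51.100.5:1080
09:04:30 ALLOW TCP 192.168.1.21:51008 -> 203.0.113.10:80
"""

# Constructed DHCP lease list: every LAN client that is supposed to route via the firewall.
DHCP_LEASES = ["192.168.1.20", "192.168.1.21", "192.168.1.22", "192.168.1.23", "192.168.1.24"]

# The thread's starting allow-list: HTTP and POP3 only.
ALLOWED_PORTS = {80, 110}

LINE_RE = re.compile(r"^(\S+)\s+(ALLOW|DROP)\s+(\S+)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)$")


def parse_line(line):
    """Parse one hypothetical log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    time, action, proto, src, sport, dst, dport = m.groups()
    return {"time": time, "action": action, "proto": proto, "src": src,
            "sport": int(sport), "dst": dst, "dport": int(dport)}


def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def top_destinations(records, n=3):
    """Most frequently contacted destination IPs among permitted traffic (the 'low hanging fruit' list)."""
    counts = Counter(r["dst"] for r in records if r["action"] == "ALLOW")
    return counts.most_common(n)


def blocked_ports_by_client(records):
    """Per client, the non-allow-listed ports it tried and how often: what else clients are trying to use."""
    out = defaultdict(Counter)
    for r in records:
        if r["action"] == "DROP" and r["dport"] not in ALLOWED_PORTS:
            out[r["src"]][r["dport"]] += 1
    return {src: dict(ports) for src, ports in out.items()}


def clients_never_seen(records, leases):
    """Leased LAN addresses that never appear at the firewall.

    A host that is on the LAN but never touches the gateway is a candidate for a
    misconfigured default gateway (an alternate path out) and worth checking by hand."""
    seen = {r["src"] for r in records}
    return sorted(ip for ip in leases if ip not in seen)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("Top destinations:", top_destinations(recs))
    print("Blocked ports by client:", blocked_ports_by_client(recs))
    print("Leased clients never seen at firewall:", clients_never_seen(recs, DHCP_LEASES))
```

Run once a day against the exported log, as the answer suggests, and the three views map directly onto the three decisions to make: which frequently visited sites to review, which extra ports genuinely need opening for business applications, and which machines to check for a gateway setting other than the SonicWALL LAN address.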
"I keep adding these sites to my block list of unauthorized URLs, but they keep popping up. I don't want to be a bad guy and turn in the users, so this is why I am trying to get some ideas on how to stop this type of usage." It sounds like you are always a step behind in a cat-and-mouse game of finding proxies on the internet; you unfortunately will probably not win this, since there are thousands. You can even use sites like Google cache or a translator to act as proxies.

The only way you could win is if you choose the option to block everything except what is an allowed site in the SonicWall. This will block a lot of useful sites, though.

I would first review your acceptable use policy, because you might be putting your job in danger by not reporting (for example, I work at an elementary school, and if I notice that a computer is being used for porn and I don't do anything about it, I can become liable for any incident).

Second, I would go to your superior and set up guidelines for dealing with the offender; maybe just an email saying that the computers at work are not for personal use and please refrain from going to these proxy sites.

This would freak most people out, knowing that they are being watched, and they will probably stop right there.

If the problems continue, you send another email and put on a key logger.

If it still continues, that is when you need to report them and bring the key log.

You might not want to be the bad guy and report them, but if you don't and let them continue, it will be only a matter of time before their actions directly lead to a virus outbreak or hijacking, not to mention the bandwidth used, which could be used for something productive.

Best of luck
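The asker's filter blocks any URL containing the word "Proxy", and the last two answers explain why that loses: a translator, cache or anonymiser site with no such word in its name sails through, whereas a default-deny allow-list never has to recognise the next proxy site. The following is an added example, not code from the thread or from SonicWALL, comparing the two decision rules on constructed placeholder host names; `ALLOWED_HOSTS` and the sample URLs are assumptions.

```python
"""Keyword blocklist versus default-deny allow-list for outbound web requests (added example)."""
from urllib.parse import urlsplit

# The asker's rule: deny any URL containing one of these words.
BLOCKED_KEYWORDS = ("proxy",)

# The answers' rule: permit only these hosts (and their subdomains); everything else is denied.
# Constructed placeholder names.
ALLOWED_HOSTS = {"intranet.example", "supplier.example"}


def host_of(url):
    """Extract the normalised host name from a URL, or None if there is none."""
    host = urlsplit(url).hostname
    return host.lower().rstrip(".") if host else None


def blocklist_decision(url):
    """Deny only if a blocked keyword appears anywhere in the URL; anything else passes."""
    lowered = url.lower()
    return "deny" if any(k in lowered for k in BLOCKED_KEYWORDS) else "allow"


def allowlist_decision(url):
    """Default deny: allow only if the host is an allow-listed name or a subdomain of one.

    The suffix check requires a leading dot so that 'supplier.example.other.example'
    does not match 'supplier.example'."""
    host = host_of(url)
    if host is None:
        return "deny"
    for allowed in ALLOWED_HOSTS:
        if host == allowed or host.endswith("." + allowed):
            return "allow"
    return "deny"


def compare(urls):
    """Return {url: (blocklist decision, allowlist decision)} for a batch of URLs."""
    return {u: (blocklist_decision(u), allowlist_decision(u)) for u in urls}


# Constructed sample requests (placeholder domains, no real sites).
SAMPLE_URLS = [
    "http://www.proxy-site.example/browse?u=blocked.example",   # caught by the keyword rule
    "http://anonbrowse.example:8080/?u=blocked.example",         # same function, no keyword: missed
    "http://translate.example/?u=http://blocked.example",        # translator used as a proxy: missed
    "https://intranet.example/",                                 # legitimate, allow-listed
    "http://docs.supplier.example/",                             # subdomain of an allow-listed host
    "http://supplier.example.other.example/",                    # lookalike suffix: must stay denied
]

if __name__ == "__main__":
    for url, (bl, al) in compare(SAMPLE_URLS).items():
        print(f"{url:60} blocklist={bl:5} allowlist={al}")
```

The keyword rule allows two of the three proxy-style requests; the allow-list denies all three without ever having seen them, at the cost the answer names: every site staff legitimately need has to be added to `ALLOWED_HOSTS` first, which is why the answers recommend doing it off hours with a user on hand to test.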