Solved

Sonic Wall being Bypassed - Need proxy?

Posted on 2006-04-24
Last Modified: 2011-08-18
I have a Sonic Wall that manages my internet usage, but I don't think it will act like a proxy. I have blocked the connection tab using global policies, but find I have users who have loaded Netscape or Mozilla.  They are accessing unauthorized web sites by using an outside proxy server.  Can anyone recommend a low-cost or free proxy software... or explain how my Sonic Wall might be used to stop this?

Scott
Question by:Scott Johnston
11 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 16528789
Hello there,

Try ezproxy; it might be of some use to you.

http://www.lavasoftware.net/en/content/ezproxy/download.htm

hope this helps
0
 
LVL 32

Expert Comment

by:jhance
ID: 16533308
The solution is simple.  Fix your network so that ONLY the SonicWall can access the internet.  Then even if users try to bypass the device it will do them no good since there is no alternate route to the net.
0
 
LVL 2

Accepted Solution

by:
soundguymike earned 750 total points
ID: 16533387
There is almost always some way around whatever filtering you use especially if you give enough user privileges to install a browser. I would suggest starting a corporate policy for internet usage that has severe penalties for misuse.
0

 

Author Comment

by:Scott Johnston
ID: 16535155
jhance, can you explain in more detail? I am not an expert with routing... Thank you
0
 
LVL 32

Expert Comment

by:jhance
ID: 16535299
Well, it's unclear exactly how you have your network set up, but it is clear that you've permitted a way for users to bypass your SonicWall device and get to the internet by whatever means they choose.

1) Fix your network so that there is NO way to the internet but via the SonicWall.
2) Fix the SonicWall so that only traffic/sites/ports/etc. that YOU permit are passed.  All other traffic is blocked.

I'm not a SonicWall expert but I was under the impression that this is a firewall appliance and can control both incoming and outgoing traffic.  So set it up to only permit the traffic you (or your company's policies) permit.

Obviously proxy traffic or traffic to proxy servers is not to be permitted.
0
 
LVL 5

Expert Comment

by:The_IT_Garage
ID: 16537372
Jhance is right. You're using a DHCP server I hope? In any case set the Sonicwall IP as the default Gateway for all your machines, server and PC alike, that way they can't hit the Internet without touching the SonicWALL.

The SonicWALL is a pretty easy to use appliance and you configure it to block everything except port 80 (HTTP) and, if necessary, port 110 (POP3). For other ports Windows needs, here's Microsoft's guide:
http://support.microsoft.com/?kbid=832017
(you only need to open what hits the Internet - don't open TCP port 135 to the Internet!!)

In SonicWALL (and most other)  parlance, WAN = Internet side and LAN  = Internal. After setting everything to the SonicWALL as the gateway, set up the blocking on the SonicWALL.

SonicWALL is very easy to use and since you're new to this make one change at a time and let it sit for a day or two. To catch the low hanging fruit you can check SonicWALL's logs for the most frequently accessed sites and block the ones that need to be blocked. Do this once/day and after a week you will notice things getting knocked back.

SonicWALL allows you to create rules and then enable/disable them, so you could spend some time creating some and then turning them on one at a time.
0
 
LVL 32

Expert Comment

by:jhance
ID: 16537896
But if the SonicWall is being "bypassed" as noted in the question, then I conclude that there is ANOTHER path to the outside internet that people know about.  So by changing their default GW or by modifying their web browser they can get past the SonicWall and do whatever they want.

You need to CLOSE the bypass-path so that the SonicWall is the ONLY way out.  Then, and only then, will the filtering options you have available to you on that hardware make a difference.  It's my experience that if there is a way around, someone will find it and exploit it.  If one does it, others will find out about it and do it as well.

Run a "tight ship" and you will retain control of this situation.
0
 

Author Comment

by:Scott Johnston
ID: 16538266
All the ideas you are presenting will work, but the problem is there are web sites within the internet that act as proxy servers.  It is almost as if you are in a terminal service session browsing the internet using someone else's proxy server.  When I say bypassed, it is being bypassed because the content filtering is being overridden by an outside proxy server.   I locked down the IE pages so users cannot make changes to their settings, I blocked Netscape and Mozilla, and I block all sites that have the word Proxy in the URL, but still, when you get to this site, www.bypassfilter.org, it will allow the end user to go to a site that is unauthorized. (That includes x-rated sites.)  I keep adding these sites to my block list of unauthorized URLs but they keep popping up.  I don't want to be a bad guy and turn in the users, so this is why I am trying to get some ideas on how to stop this type of usage.

Scott
0
 
LVL 32

Expert Comment

by:jhance
ID: 16538821
Block access to the proxy servers in your SonicWall!!  Most proxy servers operate on OTHER THAN port 80.  Usually 8080.  Block port 8080 and any other non-standard port from exiting your network.

Better yet, block EVERYTHING and then permit what is acceptable.  That, in my opinion is often a better approach.
0
 
LVL 5

Expert Comment

by:The_IT_Garage
ID: 16539029
"the problem is there are Web sites within the internet that act as proxy servers". If the only gateway to the Internet is via the SonicWALL it won't matter that there are Proxy servers outside your LAN because the SonicWALL can be configured to block them.

1) Make sure all clients' default gateway is the SonicWALL LAN IP. If you don't have this, your SonicWALL is useless.
2) Block all ports except port 80 and see if a machine can get to a site specifically blocked by SonicWALL. If they can then check the IP settings on the client machine that can access the "blocked" site, by definition it would be using a gateway IP other than the SonicWALL.

If you block everything but port 80 you can see what other ports client PCs are trying to use by looking at the SonicWALL log. As jhance said, the best approach is to block everything and open up ports as required. The best way to do this is to block everything off hours and have a user come in early or late to test their apps so you can configure it with minimal fuss to the end users.

First and foremost, the default gateway must be the SonicWALL - and by that I mean the SonicWALL LAN address, not the gateway the SonicWALL uses (that would bypass the SonicWALL).

Curious that you haven't standardized on one browser, it makes life *much* simpler. Is this a business setting, academic or ??
0
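The log review suggested in the answers above (tally the most frequently accessed sites, and see which other ports client PCs try to use once only port 80 is allowed out), as an added example that is not part of the original thread. The key=value log layout, field names and addresses are constructed for illustration; adapt the parser to whatever format your appliance actually exports.

```python
import re
from collections import Counter, defaultdict

ALLOWED_PORTS = {80}  # the thread's starting policy: only HTTP leaves the LAN

# Constructed sample lines in an assumed key=value syslog layout
# (src/dst are ip:port); not copied from a real appliance.
SAMPLE_LOG = """\
time="2006-04-25 09:01:12" msg="Connection Opened" src=192.168.1.21:1044 dst=203.0.113.10:80
time="2006-04-25 09:01:40" msg="Connection Dropped" src=192.168.1.34:1102 dst=198.51.100.7:8080
time="2006-04-25 09:02:03" msg="Connection Opened" src=192.168.1.21:1045 dst=203.0.113.10:80
time="2006-04-25 09:02:15" msg="Connection Dropped" src=192.168.1.34:1103 dst=198.51.100.7:8080
time="2006-04-25 09:03:30" msg="Connection Dropped" src=192.168.1.40:1200 dst=192.0.2.25:110
time="2006-04-25 09:04:02" msg="Connection Opened" src=192.168.1.34:1104 dst=203.0.113.10:80
time="2006-04-25 09:04:44" msg="Connection Dropped" src=192.168.1.34:1105 dst=198.51.100.7:3128
garbled line without any fields
time="2006-04-25 09:05:10" msg="Connection Opened" src=192.168.1.40:1201 dst=203.0.113.99:80
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Return the line's fields as a dict, or None if src/dst are unusable."""
    rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
    if "src" not in rec or "dst" not in rec:
        return None
    dst_ip, _, dst_port = rec["dst"].rpartition(":")
    if not dst_ip or not dst_port.isdigit():
        return None
    rec["src_ip"] = rec["src"].rsplit(":", 1)[0]
    rec["dst_ip"], rec["dst_port"] = dst_ip, int(dst_port)
    return rec

def summarize(log_text, allowed_ports=ALLOWED_PORTS):
    """Tally destinations on allowed ports, and off-policy ports per client."""
    top_sites = Counter()               # dst ip -> hits on an allowed port
    off_policy = defaultdict(Counter)   # client ip -> {dst port: attempts}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue                    # skip lines the parser cannot read
        if rec["dst_port"] in allowed_ports:
            top_sites[rec["dst_ip"]] += 1
        else:
            off_policy[rec["src_ip"]][rec["dst_port"]] += 1
    return top_sites, off_policy

if __name__ == "__main__":
    sites, ports = summarize(SAMPLE_LOG)
    print("Most visited:", sites.most_common(5))
    for client, counts in sorted(ports.items()):
        print(client, "tried blocked ports:", dict(counts))
```

The per-client port tally is the list to review when deciding which ports to open; the destination tally is the daily list of sites to check against policy.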
 
LVL 2

Expert Comment

by:soundguymike
ID: 16549497
"I keep adding these sites to my block list of unauthorized URLs but they keep popping up.  I don't want to be a bad guy and turn in the users, so this is why I am trying to get some ideas on how to stop this type of usage." It sounds like you are always a step behind in a cat and mouse game of finding proxies on the internet. You unfortunately will probably not win this since there are thousands; you can even use sites like Google cache or translator to act as proxies.

The only way you could win is if you choose the option to block everything except what is an allowed site in the SonicWall.  This will block a lot of useful sites though.

I would first review your acceptable use policy because you might be putting your job in danger by not reporting (for example, I work at an elementary school and if I notice that a computer is being used for porn and I don't do anything about it, I can become liable for any incident).

Second, I would go to your superior and set up guidelines for dealing with the offender, maybe just an email saying that the computers at work are not for personal use and please refrain from going to these proxy sites.

This would freak most people out knowing that they are being watched and will probably stop right there.

If the problems continue you send another email and put on a key logger.

If it still continues, that is when you need to report them and bring the key log.

You might not want to be the bad guy and report them, but if you don't and let them continue it will be only a matter of time before their actions directly lead to a virus outbreak or hijacking, not to mention the bandwidth used which could be used for something productive.

best of luck
Michael
0
