Solved

Avoid bypass of Firewall

Posted on 2006-11-10
6
1,677 Views
Last Modified: 2013-11-16
Hello experts,

I'm the network admin at work, but I'm not an expert in networking and security, and unfortunately don't count with the latest resources (hardware/software).

My question:  someone at work bypassed the firewall by using a remote proxy server, therefore gaining access to blocked sites.  
Is there any way I could prevent this as much as posible ?
(apart from blocking tons of known proxy servers - they could always find another one)

I suppose there isn't a fast-easy-miracle solution, but any help will be very appreciated.
Maybe after that I can use my time in more important stuff!!

Thanks,

Cristian.

0
Comment
Question by:crodrigueza
  • 2
  • 2
  • 2
6 Comments
 
LVL 9

Assisted Solution

by:JamesTX10
JamesTX10 earned 150 total points
ID: 17916084
Setup your own proxy server and only allow connections to the intertnet through your proxy.
0
 

Author Comment

by:crodrigueza
ID: 17916211
Thanks JamesTX10,

So I should setup a proxy server on a different machine, make everyone connect to the internet through it, and on the firewall allow access to the internet only from that machine?

Or am I off-track

If this is the way to go, is there any particular proxy server you would recommend?

Thanks again.


0
 
LVL 9

Expert Comment

by:JamesTX10
ID: 17917056
you are on track there. I do not have a proxy server that I could recommend.

Once you find out who is bypassing your firewall they need to get a pink slip.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 4

Accepted Solution

by:
StonewallJacoby earned 150 total points
ID: 17917088
Cristian,

The way I deal with this is:  Company policy is that Company IT resources are for work-related use only.  Measures have been put into place to protect the company network.  All employees are trained on the policies, and then all sign a statement that they understand the policies and the consequences of violating them.

This is the hard part: you set up your firewall to require authentication in order to access the Internet for anything, then you log internet activity by everyone, by individual user.  Monthly, perform an audit of a few users' activity, randomly selected.  If there is evidence of misuse, confront them with it and tell them they will be terminated if they don't abide by the policies.  Make sure that if they are accessing proxy servers outside your firewall in order to defeat your security measures, they are violating policy.  Consult your company attorney.  Have a consultant come in and set it up for you if necessary.  

This is a large and growing issue for all companies that are connected to the Internet, which, frankly, is all of them.  Companies are facing lost productivity and even harrassment lawsuits from employees using the internet to ebay, yahoo, and look at pron.  The personal computer has been likened to having a home entertainment system installed at each employee's workstation.  IRC (chat) is another huge issue in this regard.  The purveyors of chat have a zillion ways to get through your firewall.  The final solution, of course, is to start firing people.  The come to work to work, not to get paid by the hour to play.  If management isn't willing to back you up, then all you can do is tinker at the edges of the problem.

You can and should take measures to block these proxies at your boundary.  But as you said, it will be an ongoing struggle.  Start here:  http://www.ghacks.net/2006/08/04/free-web-proxy-list/    But try to get an auditing program in place.   It will pay for itself.



0
 

Author Comment

by:crodrigueza
ID: 17917283
Thanks a lot, both of you.

I found out - just by chance - that a person had bypassed the firewall, but I find the tricky part is knowing if they did and who did it.  Since they don't pass through the firewall, there's no log and no evidence (right?)  But I guess it's a headache for most IT departments.

On the other hand I'm in the middle of working on a long overdue upgrade of our server and software, with which I'll have more resources to manage and monitor the network and its use - and misuse - but in the meantime, I'll just have to struggle with what I have...

I completely agree with your point of view Stonewall, what I find incredible and a huge waste of time and resources is that sometimes you have to treat users like they're little children, "...don't touch that, don't do this, or you're fired..." But well, i guess sometimes it's the only way.

I'll implement a proxy server and block the ones on the list you mentioned, at least as a start.

Thanks again

Cristian.

P.D. I increased the points a little (don't have too many) so as to split them, hope you both agree - if not let me know!!


0
 
LVL 4

Expert Comment

by:StonewallJacoby
ID: 17917425
Chances are they didnt actually bypass the firewall....they just accessed a proxy server through your firewall, then used the proxy server to go where they weren't suposed to.  Since your firewall only saw the traffic to the proxy, it couldn't filter or block it.

Using a firewall (or internal proxy server) that requires users to log on to get internet access should enable you to log and audit.  Logging and auditing are essential elements of any security program.

Good luck!
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now