crodrigueza


Avoid bypass of Firewall

Hello experts,

I'm the network admin at work, but I'm not an expert in networking and security, and unfortunately don't have the latest resources (hardware/software).

My question: someone at work bypassed the firewall by using a remote proxy server, therefore gaining access to blocked sites.
Is there any way I could prevent this as much as possible?
(apart from blocking tons of known proxy servers - they could always find another one)

I suppose there isn't a fast-easy-miracle solution, but any help will be much appreciated.
Maybe after that I can use my time in more important stuff!!

Thanks,

Cristian.

SOLUTION
JamesTX10
crodrigueza

ASKER

Thanks JamesTX10,

So I should setup a proxy server on a different machine, make everyone connect to the internet through it, and on the firewall allow access to the internet only from that machine?

Or am I off-track?

If this is the way to go, is there any particular proxy server you would recommend?

Thanks again.


You are on track there. I do not have a proxy server that I could recommend.

Once you find out who is bypassing your firewall they need to get a pink slip.
ASKER CERTIFIED SOLUTION
Thanks a lot, both of you.

I found out - just by chance - that a person had bypassed the firewall, but I find the tricky part is knowing if they did and who did it.  Since they don't pass through the firewall, there's no log and no evidence (right?)  But I guess it's a headache for most IT departments.

On the other hand I'm in the middle of working on a long overdue upgrade of our server and software, with which I'll have more resources to manage and monitor the network and its use - and misuse - but in the meantime, I'll just have to struggle with what I have...

I completely agree with your point of view, Stonewall. What I find incredible and a huge waste of time and resources is that sometimes you have to treat users like they're little children, "...don't touch that, don't do this, or you're fired..." But well, I guess sometimes it's the only way.

I'll implement a proxy server and block the ones on the list you mentioned, at least as a start.

Thanks again

Cristian.

P.S. I increased the points a little (don't have too many) so as to split them, hope you both agree - if not let me know!!


Chances are they didn't actually bypass the firewall... they just accessed a proxy server through your firewall, then used the proxy server to go where they weren't supposed to. Since your firewall only saw the traffic to the proxy, it couldn't filter or block it.

Using a firewall (or internal proxy server) that requires users to log on to get internet access should enable you to log and audit.  Logging and auditing are essential elements of any security program.

Good luck!
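
The logging-and-audit point in the last reply, shown as an added example that is not part of the original thread: once every user authenticates to an internal proxy, its access log ties each destination to a user name, so traffic relayed through an outside proxy stops being anonymous. The sketch assumes the internal proxy is Squid writing its native `access.log` format; the sample lines, host names and the `EXPECTED_PORTS` set are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in Squid's native access.log layout:
# time elapsed client action/code bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101    120 10.0.0.21 TCP_MISS/200 5120 GET http://intranet.example/home alice HIER_DIRECT/192.0.2.10 text/html
1700000001.202  90000 10.0.0.34 TCP_TUNNEL/200 880000 CONNECT relay.example.net:8443 bob HIER_DIRECT/198.51.100.7 -
1700000003.404  60000 10.0.0.34 TCP_TUNNEL/200 650000 CONNECT relay.example.net:8443 bob HIER_DIRECT/198.51.100.7 -
1700000004.505    300 10.0.0.21 TCP_TUNNEL/200 40000 CONNECT mail.example.com:443 alice HIER_DIRECT/192.0.2.30 -
1700000005.606     95 10.0.0.55 TCP_MISS/200 900000 GET http://203.0.113.9:3128/fetch?u=abc carol HIER_DIRECT/203.0.113.9 text/html
1700000006.707     10 10.0.0.99 TCP_DENIED/407 350 GET http://news.example.org/ - HIER_NONE/- text/html
"""

EXPECTED_PORTS = {80, 443}  # assumption: ports that normal browsing uses at this site

def dest_of(method, url):
    """Return (host, port) for a CONNECT authority or an http(s) URL, else None."""
    if method == "CONNECT":
        host, _, port = url.rpartition(":")
        return (host, int(port)) if port.isdigit() else None
    m = re.match(r"(https?)://([^/:]+)(?::(\d+))?", url)
    if not m:
        return None
    scheme, host, port = m.groups()
    return host, int(port) if port else (443 if scheme == "https" else 80)

def audit(log_text):
    """Map each user to [(host, port, total_bytes)] for unexpected-port destinations."""
    usage = defaultdict(lambda: defaultdict(int))
    flagged = defaultdict(set)
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 10 or f[7] == "-" or f[3].startswith("TCP_DENIED"):
            continue  # skip malformed, unauthenticated or denied requests
        dest = dest_of(f[5], f[6])
        if dest is None:
            continue
        usage[f[7]][dest] += int(f[4])
        if dest[1] not in EXPECTED_PORTS:
            flagged[f[7]].add(dest)
    return {user: sorted((h, p, usage[user][(h, p)]) for h, p in dests)
            for user, dests in flagged.items()}

if __name__ == "__main__":
    for user, rows in audit(SAMPLE_LOG).items():
        for host, port, size in rows:
            print(f"{user}: {size} bytes to {host}:{port}")
```

A flagged row is a lead for review, not proof of misuse; the same per-user totals also show heavy use of a single outside host on port 443, which a port check alone will not catch.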