Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Friday, March 14, 2008

To Proxy or Not to Proxy

The decision to implement a proxy is never taken lightly in any organization. If there's never been a policy around web-surfing during office hours, it's considered almost a god given right, and the implementation of a proxy can only be seen as big brother finally coming.

Unfortunately (for the end-users at least), the days of letting the end-user roam the internet freely is quickly coming to an end. According to a study by Sophos, 29% of webpages host some kind of malware, and an additional 29,000 pages containing malware are added to the internet daily. The risk of bringing malware into an organization, and letting that malware disrupt the network, or even worse steal sensitive corporate information is growing every day.

The only real solution to this problem is filter all web surfing through a proxy. A proxy can block malware from coming into an organization. A sophisticated proxy can even block only the malware links and programs on a webpage, allowing the rest of the page to be viewed, in case there is valuable information needed from that webpage.

There's additional added benefit from implementing a proxy. You can prevent end-users from downloading pornography, a sure violation of your organization's sexual harrassment policy. You can also create policy around bandwidth usage for such popular items as peer-to -peer file sharing, video watching, and music listening during office hours. All of these heavy bandwidth usage items are sure to restrict the amount of real work being done in the office.

If you're worried about the overhead involved for the administrator of the proxy, there's a lot of new ways to implement proxies these days. The old days of having to visit everyone's PC to put in the IP address of the proxy is gone. The proxy can simply be placed in-line or there are options for doing automatic proxy discovery (also known as WPAD - Web Proxy Autodiscovery Protocol). We'll go into the multiple deployment options for proxy setup in future postings, but for now, it's more important to realize the need for the proxy and the benefit the organization will receive by putting the proxy in place.

No comments: