Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Tuesday, April 15, 2008

Web 2.0 in a Proxy World

In today's constantly on, information overload, the term Web 2.0 has become acceptable to cover any new web technology, display of web information, and use of the web. The definition of Web 2.0 remains fluid and evolving making it difficult for a network administrator, to understand what the threats are associated with Web 2.0 that s/he needs to be aware of.

The IT press is publishing articles that display Web 2.0 as a doomsday scenario for many IT administrators. Today, Web 2.0 covers any new web based mechanism of sharing information, whether it's blogging, social networking, or file sharing. Dynamically displayed web pages, using technologies such as Ajax, contribute to the feel of a new web experience.

The threat to the proxy administrator is that URL databases and Web reptuation are no longer sufficient by themselves to protect the end-user from threats that are dynamically created on webpages based on random criteria. One user viewing a page may see a perfectly safe page with no threats, but the next person looking at the same URL may have an embedded drive-by malicious code that was created dynamically.

Just because a site has a good reputation doesn't protect you from the possibility of getting a virus or spyware from that site. Less of a problem, but still a problem, is also the possibility of displaying content that may be prohibited by corporate policy. Because this content can be dynamically created and differ by viewers of the same URL, once again, standard categorization or single bucket categorization will be less than effective in enforcing corporate policy.

So, what's the proxy administrator to do in a Web 2.0 world? The first is obviously to keep your proxy up to date, and to make sure your proxy has the latest in security features. Make sure your proxy is a "secure web gateway" (to use Gartner's terminology). This means in addition to the URL database, there's a mechanism to examine content for malware, regardless of categorization or reputation. Also make sure your proxy doesn't categorize URL's into single buckets, but has the ability for a URL to spread across multiple categories, and the ability to dynamically rate any page as needed.

No comments: