Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Thursday, November 20, 2008

I Need A Proxy, Everybody Wants A Proxy

Unfortunately the article linked above is referring to open proxies that most people use to get around the corporate or school proxy enforcing policy. Open proxies allow anyone pointing to them to get around the corporate policy. Many good security proxies maintain lists of these open proxies and prevent users from going to them. The tough part is of course making sure this list is up to date, as new open proxies get created every day.

The article above, though, makes good points for the end user on why you shouldn't use an open proxy. There are lots of inherent risks to your company or school, and especially to your own workstation or laptop, if you use an open proxy.

The article I referenced in yesterday's blog post made a good suggestion for system administrators who want to prevent the use of open proxies on the corporate network: make your corporate policy a default "deny policy", and only allow specific websites through your corporate proxy. Unfortunately this is probably too severe for most organizations, which tend to have a default "allow policy" and then add policy to deny specific site categories.

So if you're relying on your corporate proxies to prevent access to open proxies, and you have a default "allow policy", you need to make sure not only that the proxy's URL database is up to date with the vendor's open proxy list, but also that the vendor has a method to determine when a new open proxy comes online and to give it a real-time rating that matches the open proxy category. Many corporate proxies have this real-time capability today. Make sure yours does too.

Wednesday, November 19, 2008

Mining for Malware; There’s Gold in Them Thar Proxy Logs!

A new research paper released on the SANS website (link to the paper above in the title) discusses using web proxy logs to discover how much malware is in your network. In addition to mining information from web proxy logs to determine if malware got through, the author also discusses some policies that are worth enforcing on the proxies in your organization to minimize malware and spyware on your internal network.

One of the keys here is of course making sure your proxy has an up-to-date URL database and is using an anti-virus package to make sure no malware is making its way through to your network. You also want to make it as difficult as possible for employees to use anonymizing or other proxy-avoidance software, which makes it easier for them to get infected.
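The kind of log mining described above, sketched as an added example (not code from the SANS paper or from this blog): it re-rates every logged request against the current URL database, so requests that were allowed before a host was rated, or that went to unrated hosts under a default "allow policy", stand out per client. The Squid-style native log layout, the category names, the hosts and the log lines are all constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed URL-category database (assumption): host -> category.
URL_DB = {
    "news.example.org": "news",
    "freeproxy.example.net": "open-proxy",
    "dropzone.example.net": "malware",
}
RISKY = {"open-proxy", "malware"}

# Constructed sample lines in Squid native access.log layout (assumed format):
# time elapsed client action/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1227081600.101 120 10.0.0.15 TCP_MISS/200 5120 GET http://news.example.org/index.html - DIRECT/192.0.2.10 text/html
1227081660.412 340 10.0.0.15 TCP_MISS/200 8841 GET http://freeproxy.example.net/ - DIRECT/192.0.2.20 text/html
1227081700.007 2 10.0.0.22 TCP_DENIED/403 1450 GET http://freeproxy.example.net/ - NONE/- text/html
1227081750.550 900 10.0.0.22 TCP_MISS/200 3022 CONNECT newsite.example.info:443 - DIRECT/192.0.2.30 -
1227081800.300 75 10.0.0.31 TCP_MISS/200 212 POST http://dropzone.example.net/gate - DIRECT/192.0.2.40 text/plain
truncated line
"""

def parse_line(line):
    """Return (client, action, host), or None for a malformed line."""
    fields = line.split()
    if len(fields) < 10 or "/" not in fields[3]:
        return None
    client, action, method, url = fields[2], fields[3].split("/")[0], fields[5], fields[6]
    # CONNECT requests are logged as "host:port" rather than a full URL.
    host = url.rsplit(":", 1)[0] if method == "CONNECT" else urlsplit(url).hostname
    return (client, action, host.lower()) if host else None

def mine_log(text, url_db=URL_DB):
    """Re-rate each logged request against the current URL database."""
    report = defaultdict(lambda: {"risky_allowed": [], "risky_denied": 0, "unrated_allowed": set()})
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that do not match the assumed layout
        client, action, host = parsed
        category = url_db.get(host)
        denied = action == "TCP_DENIED"
        if category in RISKY and denied:
            report[client]["risky_denied"] += 1      # policy worked; repeat tries are still a signal
        elif category in RISKY:
            report[client]["risky_allowed"].append((host, category))  # got through: investigate host
        elif category is None and not denied:
            report[client]["unrated_allowed"].add(host)  # passed only because of default allow
    return dict(report)

if __name__ == "__main__":
    for client, findings in sorted(mine_log(SAMPLE_LOG).items()):
        print(client, findings)
```

Clients with entries under `risky_allowed` are the ones to check for infection first; `unrated_allowed` hosts are candidates for submission to the URL database vendor for rating.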

Tuesday, November 18, 2008

Tough Times

It's no surprise to anyone that every IT department is going along with the rest of the world in having to deal with smaller budgets, cost cutting, and everything that goes along with a really tough economy. We're all treading new water every day with new lows and new surprises in the market.

For the typical IT administrator, the key here is how to reduce your costs in an effort to be the good corporate citizen. Proxies should be on your shortlist of ways to cut costs in your organization. If you're already using a proxy today to restrict usage of the Internet, re-evaluate your policies and make sure they're up to date for today's social networking and Web 2.0 use. If you don't have a proxy, you need to get one to make sure you aren't increasing your bandwidth spend every quarter due to unauthorized use of the Internet. In other words, don't increase your bandwidth budget to pay for someone watching video on your corporate bandwidth links.

Some proxies offer even greater savings than just Internet policy enforcement. Many offer compression, caching and other bandwidth-saving features as well, and there's even a proxy out there that doubles as a WAN Optimization device, saving bandwidth across those wide area links. Do your homework and find out if a proxy can help you cut costs in today's frugal environment.

Tuesday, November 11, 2008

SaaS

Software as a Service (SaaS) has provided a lot of fodder for security concern in the enterprise. As valuable corporate data moves out to the cloud, there's concern about making sure the right data goes to the cloud, as well as making sure no malware or spyware is coming back into the organization through secure web connections. Proxies have been providing a solution for these concerns, and in a recent announcement, linked above, even Webroot is offering a cloud-based service (in the SaaS model) for scanning of web threats.

While SaaS services like Salesforce.com and Webex have proven the value of SaaS, it remains to be seen if enterprises will be willing to use security as a service in the cloud. As Web 2.0 becomes commonplace, security admins are searching for new ways of ensuring their end-users are protected. Is Security in the Cloud the answer?

Friday, November 7, 2008

Undetectable data-stealing trojan nabs 500,000 virtual wallets

The article linked above is another reminder of why it's important to have a proxy as part of your network security infrastructure, especially one that has the ability to block embedded URLs that are considered spyware or malware sources. Researchers have uncovered a trove of financial account data stolen by a Trojan horse program known as Sinowal over the last several years. As many as half a million accounts have been compromised; more than 20 percent were stolen in the last six months alone. Sinowal, which is also known as Torpig and Mebroot, spreads through websites onto unpatched PCs without any user interaction. That the Trojan had been operating for nearly three years has been called "extraordinary." It lies in wait on infected PCs; when a user enters a banking URL, it offers up a phony site to collect the pertinent data and then sends the information back to a drop server.

Wednesday, November 5, 2008

Visibility and Control

The proxy architecture has proven to be one of the most popular for implementing web security in enterprises. While it gives network administrators control in implementing corporate HR policy on web browsing, it hasn't been a great tool for visibility into, or control of, other applications that run on the network, or even other applications that run over port 80, the port for HTTP (web traffic).

Getting that visibility seems to be the goal for a few vendors in the proxy space. Blue Coat Systems recently acquired Packeteer and the PacketShaper product line to give it application visibility on the network. Palo Alto Networks has similar features built into its application firewall. The key here is understanding what's running on your network. While most administrators like to believe they understand what's on the network, without visibility on the application level, it's unlikely you actually know what's using up your network bandwidth.

Visibility and Control. Find out what's running on your network and stop it from eating up your valuable bandwidth and resources.

Monday, November 3, 2008

Network Latency

It's not uncommon to get complaints from your end-users about response times, and immediately blame network latency for the problems. Here's a good article that talks about the different sources of latency that an end-user may experience.

It's interesting to note that the author lists proxy servers in their own category as one of the areas to check for latency.

As latency has become more of an issue, it's a topic that WAN Optimization vendors have spent a great deal of time explaining and targeting. Almost all the vendors have a good story about how they address latency in reducing the application wait times for end-users.