Unfortunately the article linked above is referring to open proxies that most people use to get around the corporate or school proxy enforcing policy. Open proxies allow anyone pointing to them to get around the corporate policy. Many good security proxies maintain lists of these open proxies and prevent users from going to them. The tough part is of course making sure this list is up to date, as new open proxies get created every day.
The article above, though makes good points for the end-user on why you shouldn't use an open proxy. There are lots of inherent risks to your company or school and especially to your own workstation or laptop if you use an open proxy.
The article I referenced in yesterday's blog post made a good suggestion for system administrators to prevent the use of open proxies on the corporate network, which was making your corporate policy, a default "deny policy", and only allow specific websites through your corporate proxy. Unfortunately this is probably too severe for most organizations, which tend to have a default "allow policy", and then policy to deny specific site categories.
So if you're relying on your corporate proxies to prevent access to open proxies, and you have a default "allow policy", you need to make sure your URL database is not only up to date with their open proxy list, but you need to make sure they've got a method to determine when a new open proxy comes on-line and give a real-time rating to match the open proxy category. Many corporate proxies have this real-time capability today. Make sure yours does too.
Thursday, November 20, 2008
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment