One ONE product made can do that, and it is very expensive. CyBlock will do this, for $799 per year per 10 users, so that would add up in a hurry. Solutions for white-listing are far more expensive that what some companies would want to pay.
Leythos. I have found out that SuperNews blocks his posts for some reason. I have to use an anonymous posting service, news.aioe.org, to read hits posts. In the oppoosite, news.aioe.org blocks posts from RyanP, but I can read those on SuperNews.
That's odd. I post through my normal Roadrunner usenet server.
And it would stick out like a sore thumb in the monitoring and logs....
No, every firewall on the market can do that, at least every quality firewall on the market, and there is no subscription for it - it's part of the native firewall function.
White listing in firewalls, as well as black listing, are a basic function.
Chilly8 wrote, On 27/11/07 04:13:
The approx 100UKP router I have can block proxies and any web site not white listed (it does not allow many white-list entries). I'm sure that the slightly more expensive firewalls companies tend to use can do an even better job of it.
Yep, I can do it in a $1500 firewall, since we're talking about businesses, and we already do it - simple, effective, easy.
The thing that people need to start understanding is that Web Access is not a "Right" anywhere in the world, you don't need to give employees access to the internet unless it is a business related function.
However, it would not be known where someone went beyond my Tor entry proxy, or even my phpProxy (if I ever get the problem with it fixed). I had an incredible peak load on my Tor proxy, during Cyber Monday, as I thought I would, and the total number of hits to my proxy nobody would ever believe. But I can say that I had hits from THOUSANDS of corporate network addresses during Cyber Monday, as online shoppers logged on from work, through my proxy, to do their online holiday shopping. I am sure I more than did my part to contribute to the holiday economy yesterday, given the total number of hits to my proxy thorugh the day, allowing people to bypass the company firewall and do thier online holiday shopping.
Doesn't matter that we couldn't see where the connection went after hitting your proxy, all we need to see is the connection to the proxy. Assuming of course we were lazy enough to allow the connection in the first place.
Jason
It doesn't matter if they know what it being connected to, only that it is not BUSINESS APPROVED - and that's as simple as it gets.
transparent proxies are useful against the general corporate population, but get someone knowledgeable with ssh and transparent proxies become a joke...aka 'useless'
You got that right. People like Leythos and Sebastian do not understand that ssh tunnels, or even "elite" level proxing make transparent proxies useless. The way Tor works, transparent proxies would indeed be useless. If you can get any Tor entry node, like mine, and you have effectively neutered any transparent proxies.
During cyber-monday, I had over 14,000 total hits to my proxy through the day, nearly all of them coming from corporate network IPs all over the United States of America, and almost all of them going to every kind of shopping website imagaineable. And for each of the those 14,000-plus employees, the boss will NEVER know what they are up to, becuase I run an "elite" proxy, effectively making corporate transparent proxies USELESS in finding out where they final destination was.
I set up the proxy that so people could circumvent the company firewall to listen to Live 365. Not all proxies work with Live 365 web player, but mine does. As I write this, I have several people coming into my proxy from workplaces in Australia, listening to my Live 365 station, through my proxy. My listenership always goes up from October 31 through Deccember 25, when I add Christmas music to the mix. All one needs to do is download and install Winamp on their work PC, sign on to Live 365 and change their listening preferences to launch the station via Winamp, change the proxy settings in Winamp to use my proxy, and they will be listening to my station, on Winamp, via my proxy, and in short order. The recent changes to Nanocaster, on Live 365, no longer allows Windows Media Player as a third-party player, but you can still have the site launch Winamp and commence the stream that way, and it will work through my proxy. Its just matter of changing proxy settings in both Winamp, and in either Internet Explorer or Firefox, and you are good to go.
And the simple truth is that if they can't connect, because of a simple firewall rule, that you won't be providing anything to them.
As said before, you don't understand SIMPLE FIREWALL methods or concepts, you just don't understand anything about networking.
All quality firewall appliances allow for restrictions simple enough to prevent your service from being reached while still allowing approved company/business websites to be accessed without ANY chance of the users reaching a proxy.
Well, 14,000 users using my proxy, on Monday, to access shopping sites from work, can't be wrong. It proves the old saying "where there is a will, there is a way".
In fact, Live 365 just updated their Nanocaster broadcast software to make their service harder to block, by using port 80 as a last resort if the normal ports (20000-24000) are blocked. Port 80 makes blocking it that much trickier, without resorting to pricey filtering software, of the more expensive filteirng appliance. Basically, it forces businesses to spend more now to block Live 365.
Which in turn is why many companies block access to proxies.
No, it proves that many companies don't believe in blocking first and only business necessary sites/access second.
The default rule in firewalling is Block everything, then permit only what is needed. Many of the newer admin types and many smaller business owners will go with the Allow everything and block only what they believe is a threat - just the opposite of how it should be.
So, what you're seeing is the users behind weak security solutions - you are NOT seeing users from behind properly secured networks.
Again, you clearly show that you don't understand networking, firewalls, security, how things actually work.
X-No-Archive: Yes
X-No-Archive: Yes
However, proxies, are sprouting up like weeds so fast that the filteirng companies cannot keep up with them half the time. Proxies come and go at such a huge rate, that they cannot keep with them. And my proxy is one of thousands of them being operated as public proxies.
Which is why ssh is your best friend...show me a company that can effectively block outbound ssh without disrupting normal outbound business traffic and i have a bridge to sell you...
And a properly configured firewall solution does not need a "Filtering Company" to identify them in order to prevent access to them.
As a matter of fact, all quality firewall appliances can block all outbound access by default and then permit the admins to create rules that allow access to "approved" sites only. Since the approved sites are not proxy sites, there is no way for the user to abuse the company resources and access yours or anyone else's services.
If the outbound only permits access to approved sites then it doesn't matter what you try.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.