"Ansgar -59cobalt- Wiechers" <usenet-2006@planetcobalt.net> wrote in message
news:4869eoFib44iU1@individual.net...
> Don Kelloway wrote:
>> "Sebastian Gottschalk" <seppi@seppig.de> wrote:
>>> Don Kelloway wrote:
>>>> In respect to the technical solution itself it should be understood
>>>> that when properly administered it leaves practically little, if any
>>>> possibility for circumvention.
>>>
>>> When it comes to content filtering and tunneling: You'd wish.
>>
>> Tunneling is not escapable to detection and content filtering can be
>> applied. Maybe you ought to become more familiar with the content
>> filtering solutions that are available as opposed to what you think
>> they can and can't do.
>
> *sigh*
>
> Please read the thread. We're already through this discussion (including
> each of its facets). And you're wrong.
>
HTTP traffic allowed outbound is to port 80 and HTTPS allowed outbound is to
specific IPs that are known. No other ports are allowed outbound and the
proxying of traffic is not allowed. For what HTTP traffic is allowed the
GET requests are inspected/filtered to immediately block known objectionable
sites by either IP address and domain name. Blocking is accomplished by
spoofing the content that would have been returned from the website to the
client and injecting this back onto the wire. Of the HTTP GET requests
inspected and allowed, such must be to a single site and this request is
logged. Anything that deviates from this format is blocked. With reports
reflecting IP addresses/site names, by requests made, by volume, etc.
traffic patterns may be discerned. If something doesn't look right, the IP
address or domain name can be added to a block list to prevent further
access.
If there is any tunneling going on in the above I'd like to see it; then
again, if you're correct, I guess I won't.
--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your Security
on the Internet".
Received on Mon May 1 00:59:57 2006
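
Added example (not part of the original post, and not the poster's actual configuration): the outbound policy and per-destination reporting described in the message above, run over constructed log records. The record layout, host names, addresses and review thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed policy data (documentation address ranges and example domains).
BLOCKED_HOSTS = {"blocked.example"}
BLOCKED_IPS = {"203.0.113.9"}
KNOWN_HTTPS_IPS = {"192.0.2.44"}

# Constructed records: (client, method, host, dest_ip, port, response_bytes)
SAMPLE_LOG = [
    ("10.0.0.5", "GET", "news.example", "198.51.100.10", 80, 12000),
    ("10.0.0.5", "GET", "news.example", "198.51.100.10", 80, 8000),
    ("10.0.0.6", "GET", "blocked.example", "198.51.100.20", 80, 0),
    ("10.0.0.6", "GET", "other.example", "203.0.113.9", 80, 0),
    ("10.0.0.7", "CONNECT", "proxy.example", "198.51.100.30", 80, 0),
    ("10.0.0.7", "GET", "files.example", "198.51.100.40", 8080, 0),
    ("10.0.0.8", "-", "192.0.2.44", "192.0.2.44", 443, 3000),
] + [("10.0.0.9", "GET", "chatty.example", "198.51.100.50", 80, 500)] * 40


def decide(method, host, dest_ip, port):
    """Apply the outbound policy from the post; return 'allow' or 'block'."""
    if port == 443:  # HTTPS: only to known IPs
        return "allow" if dest_ip in KNOWN_HTTPS_IPS else "block"
    if port != 80 or method != "GET":  # no other ports, no proxy methods
        return "block"
    if host.lower() in BLOCKED_HOSTS or dest_ip in BLOCKED_IPS:
        return "block"
    return "allow"


def report(records):
    """Log allowed requests per destination; collect blocked ones."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0})
    blocked = []
    for client, method, host, dest_ip, port, nbytes in records:
        if decide(method, host, dest_ip, port) == "block":
            blocked.append((client, host, dest_ip, port))
            continue
        stats[host.lower()]["requests"] += 1
        stats[host.lower()]["bytes"] += nbytes
    return dict(stats), blocked


def review_candidates(stats, max_requests, max_bytes):
    """Destinations whose request count or volume exceeds the thresholds."""
    return sorted(h for h, s in stats.items()
                  if s["requests"] > max_requests or s["bytes"] > max_bytes)


if __name__ == "__main__":
    stats, blocked = report(SAMPLE_LOG)
    print(len(blocked), "blocked;", "review:", review_candidates(stats, 25, 50000))
```

A destination returned by review_candidates is only a candidate for the manual review the post describes; whether it goes on the block list remains an operator decision.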