comp.security.firewalls archive
Re: Anti-spyware at the Gateway
Date: Mon Mar 13 2006 - 13:23:58 CET
"Volker Birk" <bumens@dingens.org> wrote in message
news:441522ea@news.uni-ulm.de...
> Somebody. <somebody.@nospam.russdoucet.com> wrote:
>> > No one uses JUST white lists, the smart ones use category, white, black
>> > lists together.
>> Of course, this is understood by anyone that understands what Websense
>> (the
>> OP's chosen solution) can do.
>
> And it is completely nonsense. I never saw such a network which was
> configured this way, that ever detered me from getting arbitrary
> connection
> out for longer than two minutes.
>
> This is not too surprising, if one sees the fact, that tunneling can be
> implemented very easily.
>
> Yours,
> VB.
>
On the network like that, that we monitor, we catch the people that do such
tunnelling, and they are diciplined for breaching policy.
The rest of them surf around comfortably without risk of going offside of
the policy, as technology helps enforce it.
Those that repeatedly try to get around it, show up in the logs as such
(repeated denies), and get special "attention". Even your two minute
attempt would garner you some special attention, now for deliberately
attempting to get around the policies.
-Russ.
Received on Mon May 1 00:56:39 2006