This concern was also raised in our recent “Notes on E-Security Development” blog.

Majority of schools and educational institutions in developed countries are investing in sophisticated security solutions to help protect their internet resources. However, by using public proxy sites students are able to bypass security solutions and disguise their inappropriate activity from being detected.

When a proxy server is used a student will appear to be visiting only one site, the proxy itself, and not the blocked or banned target site. Any internet surfing they do after that is effectively invisible.

IBT also states that the number of public proxy sites has increased dramatically over the past few years. In 2006 M86 Security estimated the number of proxy sites to be 7,111. By 2009 the new estimate had risen to an amazing 91,490.

Using proxy sites to access blocked sites puts both the schools and the students at risk. The schools are at risk because the virus ridden proxy sites can contaminate their entire network and enables students to access the blocked sites already deemed as high risk. Students (and teachers for that matter) can personally suffer if a proxy site hosts malware, such as a trojan. Once a trojan has spread to computers, hackers can access them remotely and steal data, log keystrokes, and thus easily grab personal passwords and credit card numbers.

So what to do then? A spokesman for JANET, which carries data traffic between many local school networks in the United Kingdom, said: “I would agree that using proxy servers to get around security systems is indeed a problem. Technical solutions need to be used as one aspect of a wider approach to protecting users, including educating children, teachers, and parents in how to use the web safely.”

Education is certainly the key but it is also important to make the most out of security and monitoring solutions. Yes, it is impossible to effectively identify and manage all the 91,490 proxy sites out there. However, you might find that out of those 91,490 around 20-40 are commonly used and shared among the students at a specific school. Many public proxies use IP addresses (as opposed to site names) to avoid easy detection, so a spike in a certain IP address could be an indication that it is a popular proxy site.

Read our “How to Improve Public Proxy Management and Control” blog for tips on detecting public proxy usage.

Most frequently suggested bypass methods includes the use of public proxies, circumventors and http tunneling. I don’t wish to go into details on any of these methods as their use is NOT recommended. However, it does prove a point: The main reasons organizations block certain websites is to prevent security risks and unproductive internet usage. Although, it is an indisputable fact that employees’ use of virus ridden public proxies, and other elaborate methods, to overcome blocking efforts can in fact increase security risks and unproductive behavior – making matters even worse.

Obviously all employees do not take these measures, but isn’t it enough that some do? Yes, the same high risk and time consuming bypassing “techniques” could be used when trying to stay anonymous from internet monitoring software. However, there are two main differences:

1. Using internet monitoring software reduces the need to block. Employees will be able to access the legitimate sites that often end up blocked thanks to a “block worthy” word in a corporate blog, or something of similar virtuousness. Not blocking means less time and effort spent trying to bypass blocking solution. After all, my mailbox is not full of alerts on how to bypass internet monitoring software.
2. Using internet monitoring software will allow employers to detect who is up to no good trying to bypass blocking rules or browse anonymously. For example, if an employee continuously use public proxies or tunneling, an internet monitoring solution (or at least a good internet monitoring solution) can assist the employer in tracking down the offender. (Please have a look at “How to Improve Public Proxy Management” blog for more info.)

This blog simply adds to the convincing case against organizations’ excessive use of blocking and filtering solutions. Porn sites, known malicious virus and phishing sites – by all means, block the living daylight out of them. But as for the rest, as for news site, online shopping sites, social networking and general interest sites – Don’t block, monitor.

I want to avoid repeating myself so please have a look at previous blog for the full story on “The Cost of Blocking Employee Internet Usage”

Certain U.S. Army bases, that formerly blocked access to Web 2.0 sites, now permit users to surf to sites such as Facebook and Flickr. The Army has ordered its network managers to give soldiers access to social media and thereby reversing a years-long trend of blocking web 2.0 sites on military networks.

SCMagazineUS.com interviewed Marcus Sachs, director of the SANS Internet Storm Center and a retired Army officer, who says, “It’s a recognition that soldiers are using Facebook and Twitter as part of their jobs, not just for recreation.”

Sachs explains that the decision to allow social networking sites requires a balance between allowing technology that the soldiers are familiar with and want to use versus the concerns related to social network sites. Sachs says ”Keeping these sites blocked is a good defense to keep networks free of malware infection, but such a move cuts down on how efficient soldiers can be.” Sachs also points out that confidential data leakage is another concern that will be tackled by educating soldiers how to appropriately use social networking sites.

This order is truly a step in the right direction. Not only does the army recognize soldiers’ need to communicate with family and friends but also the efficiency issues arising when blocking Internet access. As clearly indicated there are several issues that may arise by providing access to social media sites. However, most of these can be tackled by educating soldiers (or workforce) on what is accepted and what is not and ensure online privileges are used as intended. Hopefully more government, educational and commercial organizations will follow suit.

Related Articles:
SC Magazine – Army ends ban on Facebook, Flickr, other social media sites

The fix can be applied to WebSpy Analyzer Giga 2.3, Analyzer Premium 4.3 or Analyzer Standard 4.3. If you’re not running the latest version, download it now!

You can download the new loader build that we created today at either of these locations:
USA West Coast (FTP)
USA East Coast (FTP)

Then extract the zip file into Analyzer’s installation folder (usually C:\Program Files\WebSpy\Analyzer flavour 4.3\) and overwrite the existing file.

Then go to the storages screen and select your Sophos storage(s) and click ‘Reload all hits’. This will re-import your log files using the modified loader and will populated the ‘Blocked’ summary appropriately. To check it out, go to the Summaries screen and run a Full Analysis. Then go to the ‘Blocked’ summary and you should see two items – ‘Blocked’ and ‘Not Blocked’. Drilldown into whichever one you care about to analyze the sites, users, files, browsing times, size downloaded etc. Go nuts!

You can also filter out blocked hits (or Not Blocked hits) from your reports. On the Reports Screen, click Generate a new report and go through the report wizard with this filter (this example shows filtering out blocked hits).

Analyzer Report Wizard - Select Custom Filters

Analyzer Report Wizard - Selecting the 'Blocked' Summary as a Filter

Analyzer Report Wizard - Adding the items that you want to filter

Analyzer Report Wizard - final filter to exclude 'Blocked' hits

Then proceed through the report wizard to generate your report. This filter can be applied to any report as well as analyses on the Summaries screen (using the same options in the Analysis Wizard).

Happy analyzing!