Ask the Expert

Users installing their own proxy programs without authorization -- how can we track and stop this?

At present, authorized network users here in our company connect to the Internet using a proxy server. However, some of the users have installed another proxy program on their PCs, thus allowing unauthorized access to other users. We were able to track down these installations by scanning all users with active port 8080 (proxy). Is there a way that the Internet connection can still be shared without using a proxy? How can we track them?

    Requires Free Membership to View

They will need to use a "proxy" in some form or another, but the proxy doesn't necessarily need to listen on port 8080. There are many different proxy applications, and most of them can be configured to listen on any port number.

There's no simple solution. Your method of auditing is a great idea, and enables you to find anybody who installed a proxy that listened on port 8080. In your case, there was probably a single user who was knowledgeable enough to configure a proxy, and that person showed other people how to use the same application. However, finding other rogue applications will be difficult.

One way to stop this is to tighten the desktop operating systems so that users cannot install applications that you have not previously approved of. Many IT organizations do this with varying degrees of success. If users need the ability to install any application, it gets more difficult.

Another technique is to install a proxy server or a firewall at your Internet connection. This proxy server can log all outgoing requests. This wouldn?t stop users from installing proxies to allow others to the Internet, but it would offer some accountability -- if you found users surfing sites that were clearly not work related, you could track it back to them to investigate.

Finally, you could change the way your network is designed to separate users with Internet access from users without Internet access. If you created three separate LANs connected by a router with filtering, you could configure the router to allow only one LAN to access the Internet. The other LAN could be allowed to access internal resources, such as intranet servers, file servers and e-mail servers. However, they would be restricted from contacting other desktop computers or reaching the Internet.


This was first published in May 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: