[unisog] WebShell4

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Thu Sep 29 21:43:36 GMT 2005

On Thu, 29 Sep 2005 14:37:33 CDT, Allen Barrett said:

> We've been having difficulty getting a lid on our students that are
> bypassing our content filtering with proxy services such as proxify and
> now a service called WebShell4.  I'm curious, has anyone had an issue with
> this sort of thing, and if so, would you mind talking with me about any
> solutions you might have implemented?  Thanks.

The first thing you need to figure out is what problem you're trying to solve
with content filtering, and whose problem it is if somebody intentionally
bypasses it.

There's usually one of two things content filtering is trying to stop:

1) copyright issues, "subversive" materials, and so on - I'm of the opinion
that this is self-regulating.  There's no legal requirement that I'm aware of
to do more than a "best effort" to prevent others from infringing/etc, so if
somebody uses a proxy to evade your filter, that's *their* problem, not yours.
If somebody gets caught bypassing your content filters and getting into trouble
for it, make it a media event, and you'll see a quick drop-off.

2) filtering for viruses, worms, and other similar malicious software.  All I
can say here is that if you have a wireless network, or any other means for a
laptop brought onto campus to connect, you're doomed anyhow - your best bet
here is to do a "best attempt" at filtering at the gateway, and spend the rest
of your resources hardening the net and computers against the next one to get
loose on your net, rather than worrying about *how* they did the end run around
the filter...

There's the added possibility that they're doing it just to annoy you, because
they perceive the network management as a bunch of fascists bent on repressing
their attempts to get value out of the network.  This isn't a technical problem,
this is a PR problem - you need to get an *effective* dialog going with your
users, because there's a disconnect between what they want and what you intend
to provide.  For instance, I've heard of more than one case where a school ended
up punting a fascist firewall that stopped everything, deployed a Packeteer-class
box that did a massive throttle-back for heavy activity, and made clear to the
users that infringement was *their* problem - and everybody was much happier,
because the Packeteer stopped the massive-abuse people but everybody else was
now able to get to material that had formerly been inaccessible (including a
*lot* of stuff that had been false-positive'ed before).
