[4063] in WWW Security List Archive


Re: Net nanny on the server side? (Proxy??)

daemon@ATHENA.MIT.EDU (Zygo Blaxell)
Sat Jan 25 00:41:59 1997

From: zblaxell@tenchi.myrus.com (Zygo Blaxell)
To: www-security@ns2.rutgers.edu
Date: 24 Jan 1997 22:50:17 -0500
Errors-To: owner-www-security@ns2.rutgers.edu

In article <32E7DABF.18B@hon.com>, SMTP Daemon  <Webmaster@hon.com> wrote:
>Alexey Zilber wrote:
>> Is there a way to have Net Nanny (or a similar thing) on a Proxy to prevent
>> users from accessing restricted sites??
>> Alex
>
>What you are asking is possible with WinGate.  It can filter both sites
>and sites containing certain words in the URLs.  It will filter by IP,
>Host or words containing or matching.

Of course, all of this is just a race between the people who make content
filters and people who make anonymizers.  It's not difficult to design a
WWW anonymizer that encrypts the URLs it is forwarding by anonymous proxy
(to break pattern-matching rules) and someone somewhere will probably
come up with a proxy product that encrypts data for steganographic
transmission (so if you have a firewall that only allows GIF files,
it will re-encode all traffic as valid GIF images and decode it on the
browser end.  Not *real* images; just take the input data and translate
it into pixel data.  Of course the countermeasure for this is to run all
GIFs through a GIF->JPG->GIF conversion process...anyway...) and decode
it on the browser end.  Of course, nobody that I know of has actually
implemented this yet, so you're safe for at least a month.

The only "final solution" is to prevent users from accessing non-approved
sites, because if they can find someone on the Internet to co-operate
with them they can access anything that the machines they co-operate with
can access, nanny or no nanny.  

-- 
Zygo Blaxell. Unix/soft/hardware/firewall/security guru. 10th place, ACM Intl 
Prog Contest, 1995. Admin Linux+Solaris for food, Tshirts, anime. Pager: 1613
7608572. "I gave up $1000 to avoid working on windoze... *sigh*"-Amy Fong. "smb
is a microsoft toy, like a "child" protocol that never matured"-S Boisjoli.
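
Added illustration, not part of the original post or of any product named in it: a default-allow word/host filter of the kind described in the quoted reply, run beside a default-deny approved-sites list over the same requests. The host names, word lists and the relay URL are constructed assumptions.

```python
from urllib.parse import urlsplit, unquote

# Constructed policy data (hypothetical names, not from the post).
BLOCKED_WORDS = {"casino", "warez"}
BLOCKED_HOSTS = {"games.example.net"}
APPROVED_HOSTS = {"intranet.example.com", "docs.example.org"}


def _host(url):
    """Lower-cased host of a URL without a trailing dot; '' if absent."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def blocklist_allows(url):
    """Default-allow: deny on a blocked host or a blocked word in the URL."""
    if _host(url) in BLOCKED_HOSTS:
        return False
    text = unquote(url).lower()  # undo %-escapes before word matching
    return not any(word in text for word in BLOCKED_WORDS)


def allowlist_allows(url):
    """Default-deny: permit only exact approved hosts over http/https."""
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and _host(url) in APPROVED_HOSTS


# Constructed requests as the filtering proxy would see them.
REQUESTS = [
    "http://intranet.example.com/payroll",
    "http://games.example.net/casino/index.html",
    "http://mirror.example.net/c%61sino/",  # %-escaped word, caught after unquote
    # Outside relay: the real destination is an opaque token, so no word matches.
    "http://relay.example.org/fetch?u=9f3ac1d07be2",
    "http://intranet.example.com.example.net/",  # look-alike of an approved host
]


def evaluate(requests=REQUESTS):
    """Return (url, blocklist verdict, allowlist verdict) for each request."""
    return [(u, blocklist_allows(u), allowlist_allows(u)) for u in requests]


if __name__ == "__main__":
    for url, bl, al in evaluate():
        print(f"blocklist={'ALLOW' if bl else 'DENY':5} "
              f"allowlist={'ALLOW' if al else 'DENY':5} {url}")
```

The relay and look-alike requests pass the word/host filter and are refused only by the approved-sites list.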
