02-20-2008 12:33 PM - edited 03-10-2019 04:00 AM
I would like to monitor proxy bypass connections and report on them. We have MARS and IPS modules in our 2 ASA5520.
Solved! Go to Solution.
03-17-2008 09:05 AM
You run the risk of false positives, but have you tried IPS sig ID 5188(and the subsignitures) or creating your own custom signiture. We use some IPS 4200s in my district and have had some false positives, but to date it was non-work related websites.
02-20-2008 03:09 PM
What do you mean by "proxy bypass connection"? Do you mean attempts by users to bypass an HTTP proxy?
02-21-2008 06:03 AM
I mean students who use anonymizer programs: surfcontrol, etc. to bypass our internet content filter software. i would think that the IPS could detect some of these and report on it.
02-21-2008 06:36 AM
It is very difficult to detect such things effectively, even at the proxy. Many of them utilize HTTP CONNECT tunnels that look just like any other HTTPS connection to the Internet. The only thing the typical proxy sees is the "CONNECT
There are gateway(proxy) product that supports SSL inspection(MITM), like WebWasher or BlueCoat. These will be able to see the unencrypted HTTP data and will have a better chance at detection.
02-21-2008 07:07 AM
Thanks. We are using 8e6 as our web content filter, but I was wondering if MARS or IPS could specifically help with monitoring/blocking proxy/anonymizer attempts. Multiple security layers are always a good thing. So MARS/IPS can't really help with stopping these?
02-21-2008 07:27 AM
IMHO, MARS/IPS can't do it well enough for it to be worth the effort. I'm not familiar with 8e6, but you might have a look at this:
02-21-2008 08:43 AM
Thanks. That is what we currently have. I guess I continue to use what we have.
03-17-2008 09:05 AM
You run the risk of false positives, but have you tried IPS sig ID 5188(and the subsignitures) or creating your own custom signiture. We use some IPS 4200s in my district and have had some false positives, but to date it was non-work related websites.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide