Thursday, January 04, 2007

On Getting to Blocked Web Sites

So, why would someone who runs a security blog link to a list of advice on bypassing web filters (see ”Top 10 methods to access banned websites”)?

Good question! Here is the answer: a large part of web content filtering seems like a bit of a counter-productive scam to me. With each content filter used, I have seen very large numbers of very annoying "false positives" (i.e. useful and harmless sites being blocked) that lead me to think of ways of bypassing them. The best analogy would be if you anti-virus solution will flag and destroy random non-malicious files every day. Would you use it? No way!

Is that a good thing? No. Is that a policy violation? Maybe. But - guess what? - once I needed to go to SecurityFocus to do my job and some dumb content filtering vendor blocked it in their default configuration as a site on "hacking" (wOw, that is deep!) This did happen a few years ago, before Symantec bought the site, but, to be honest, I never checked back whether they still block it.


Anonymous said...

I interned at an aerospace contractor this summer and had the same problems with WebSense content filters and Sidewinder proxies for websites like SecurityFocus.

My sessions got flagged as 'hacking site' as well. I wasn't working in "IT Security" though... but I wonder if the security guys ever had the same problem.

Anonymous said...

No, no, no! Bad analogy. Web content filters don't destroy the sites you're trying to get to so that you can never recover them.

They serve a useful purpose in organizations that (1) want to avoid liability, and (2) want to prevent MOST of the questionable/offensive/non-business web sites from being visited by their employees. We don't have time to sit there and comb through weblogs after the fact to figure out which sites were in bad taste (nor would we want to). Nobody wants to have to yell at users for going to, or worse yet, have to discipline them. It's a lot easier just to prevent as much of it as we can, without comment. If an innocent site gets blocked, you request it be added to the whitelist. What's the big deal?

My first thought on seeing that list of ways to access banned sites was, "Oh, great, now I have to monitor for some other stuff on our network. Thanks a lot." The only bonus is that if I find an employee using one of those methods, we'll know that he's deliberately trying to go to "bad sites," not getting there by accident.

Now, we're not China, but I really don't see why people can't just get over themselves and go HOME to do their non-work browsing. They don't have a God-given right to visit MySpace while they're at work.

Anton Chuvakin said...

"Now, we're not China, but I really don't see why people can't just get over themselves and go HOME to do their non-work browsing."

This TOTALLY misses my point - I was posting about the fact that some (many?) content filters are very dumb and block WORK-RELATED sites.

Now, everybody heard the one about a porn site sysadmin complaining that he cannot see how his colleague from a competitive site arranged his PHP scripts; well, for him even a porn site is work-related.

Dr Anton Chuvakin