Re: bypassing employer's proxy to surf anonymously

From: Paul Robertson (compuwar@gmail.com)
Date: Tue Jun 13 2006 - 18:38:00 EDT


On 6/13/06, Craig Wright <cwright@bdosyd.com.au> wrote:
>
> Or to put my comment in again as I have on this topic numerous times over the years as it pops up.
>
> Maybe the question should be rephrased from "how do I bypass the employer's proxy to surf anonymously?" to:
>
> How do I breach the terms of my employment?
> How do I seek to bypass the controls that my company has put in place?
> How do I show that I can not be trusted?
> How do I break systems rather than fixing or building them?
> How do I show that I have low moral character?
> How do I demonstrate that I should not be working in the security industry?!

For some jurisdictions, "How do I become a criminal?"

>
> The issue is not how to break it, but how to stop this. What controls will help? What monitoring and logs will be of use?
>

Tunneling is best limited by (a) limiting the specific protocols and
destinations available to a user, (b) monitoring user activity or
performing random spot-checks, (c) limiting what client software
executes on the desktop (MS' software restrictions in group policies
are fun!) and (d) traffic analysis- tunnel traffic won't look like
normal Web surfing traffic, and that's where you can normally nail
them.

Paul

-- 
fora.compuwar.net
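
An added example, not part of the original message: a small log review that applies controls (a) and (d) above by flagging CONNECT sessions to non-allowed ports, long-lived sessions, and sessions whose upload volume approaches download volume. The CSV layout, the thresholds and the sample lines are assumptions constructed for illustration, not any proxy product's real format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample proxy log (hypothetical CSV layout, not a real product's format):
# client, method, destination, duration_s, bytes_up, bytes_down
SAMPLE_LOG = """\
10.0.0.5,GET,www.example.com:80,1,420,48211
10.0.0.5,CONNECT,mail.example.com:443,12,3100,90444
10.0.0.5,GET,news.example.org:80,2,510,120933
10.0.0.9,CONNECT,host.example.net:443,14400,8812345,9104455
10.0.0.9,CONNECT,host.example.net:443,10800,6400120,7001200
10.0.0.7,CONNECT,203.0.113.20:22,3600,150000,210000
"""

ALLOWED_CONNECT_PORTS = {443}  # control (a): restrict protocols/destinations
MAX_SESSION_S = 3600           # assumed threshold: browsing sessions are short
MIN_UP_DOWN_RATIO = 0.5        # assumed threshold: browsing is download-heavy
MIN_UP_BYTES = 100_000         # assumed floor so tiny sessions are ignored


def score_clients(log_text):
    """Return {client: sorted reasons} for clients with tunnel-like CONNECT traffic."""
    findings = defaultdict(set)
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue  # skip blank lines
        client, method, dest, dur, up, down = row
        if method != "CONNECT":
            continue
        port = int(dest.rsplit(":", 1)[1])
        dur, up, down = int(dur), int(up), int(down)
        if port not in ALLOWED_CONNECT_PORTS:
            findings[client].add(f"CONNECT to non-allowed port {port}")
        if dur > MAX_SESSION_S:
            findings[client].add("long-lived session")
        if up >= MIN_UP_BYTES and down > 0 and up / down >= MIN_UP_DOWN_RATIO:
            findings[client].add("upload volume close to download volume")
    return {c: sorted(r) for c, r in findings.items()}


if __name__ == "__main__":
    for client, reasons in score_clients(SAMPLE_LOG).items():
        print(client, "->", "; ".join(reasons))
```

Flagged clients are candidates for the spot-checks in (b), not proof of tunneling; thresholds need tuning against a site's own baseline.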

