RE: A Question? Or just an observation...

  • From: "Dan Crain" <DanC@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 28 Apr 2005 23:24:52 -0400

Well, luckily my users aren't as savvy as yours...I did the color to Real
Time Monitor awhile ago...nice feature...I change the database once a
month too just because I ran into a similar problem and it slowed the
connection down to almost dial-up speed.....we mainly do reports on the
last couple of weeks so it's not a problem to start with a new database
and it keeps things moving...

-----Original Message-----
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] 
Sent: Thursday, April 28, 2005 7:35 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: A Question? Or just an observation...

http://www.ISAserver.org

Yes, there are lots of ways to get around SurfControl, and the users
know it.  They're probably like the kids I got here, they keep trying
constantly, looking for a hole.  All it takes is for them to find a
momentary lapse in blocking, and they'll start checking non-stop
afterwards.

For example, we had SurfControl problems last Friday, where the database
got corrupt and the service shut itself down.  We couldn't fix it
without taking the entire Internet Access down, so we decided to run for
the last couple of hours without it.  It took them about five minutes to
figure that out, and immediately several of them were hitting every
naughty site they could think of.  We disconnected several sessions, and
disabled a few accounts to slow it down, but you could tell the word was
spreading fast.  If the bell hadn't rung right about then, we would have
had to shut down all connections.

While recreating the rules after rebuilding SurfControl, we decided to
block the Games category, as nearly a third of our daily traffic was
Shockwave games.  It took them less than an hour to figure out how to go
through Russian websites to play anyways.  

As we find the websites, we submit them to SurfControl to add them to
their database, but it won't stop them.  If they want to check their
e-mail, they can find an e-mail proxy that isn't in the SurfControl
database that will access their e-mail anyways.  Your blocking is only
as good as the URL database.  If you don't keep updating that constantly
it'll be terribly out of date within a month or so.

We found several little quirks with SurfControl also, like if you add
the Web-Based E-Mail category into the same rule as the Executables to
block both, neither will work.  If I hadn't the real-time monitor up to
see where they were going (Hint: change the color of certain categories
to highlight activity), I probably wouldn't have noticed that they
weren't being blocked.

After today though, with an incident involving protests over blocking
web journals, I'm going to modify my blocked page to include a copy of
our AUP.


-----Original Message-----
From: Dan Crain [mailto:DanC@xxxxxxxxxxxx] 
Sent: Thursday, April 28, 2005 15:40
To: [ISAserver.org Discussion List]
Subject: [isalist] A Question? Or just an observation...

Can Surfcontrol be missing some blocked sites?

This person tries every day to check their home email, I get an email
saying she was blocked. She tried 13 times today.

Now..is it missing being blocked sometimes that she feels like gambling
it will work? Is there some way to put a buzzer sound that will come
through on the blocked sites? Maybe a little shock through the keyboard?

Actually, from the emails I get from the server, everyone has to try a
blocked site at least 3 times before they actually believe they can't
get onto it.  

Well, glad to see my server works..it's nice to see a non-problem on
here every now and then...
Dan

Daniel A. Crain
Systems Administrator
Dean, Ringers, Morgan and Lawton, P.A.
201 E. Pine Street, Suite 1200
Orlando, FL 32802
Phone: (407) 422-4310
DanC@xxxxxxxxxxxx
 
To err is human, but to really foul things up requires a computer.
Farmers' Almanac, 1978
