Comments on: Schools Battle Proxies http://jonsnetwork.com/2008/05/schools-battle-proxies/ Network Security News, Analysis and Ephemera Fri, 15 Jan 2010 17:44:55 -0800 http://wordpress.org/?v=2.9.2 hourly 1 By: Jon Robinson http://jonsnetwork.com/2008/05/schools-battle-proxies/comment-page-1/#comment-627 Jon Robinson Thu, 29 May 2008 15:51:32 +0000 http://jonsnetwork.com/?p=130#comment-627 <p>Hi Chris, When I say I think monitoring works better than filtering, I'm talking about getting users to comply with the AUP and to start behaving well on the network. I don't think anyone should ditch the filter. I just think they should be realistic about what it does. They all have holes in them and you can get a better picture of AUP violations with better monitoring. </p> <p>You bring up an excellent point with the malicious code subject. That is probably the main reason to filter right now. Look at <em>all</em> sites for dangerous code rather than just looking at the URL from an AUP point of view. The malicious code risk is way low on the radar of schools in my experience. Many of the filters they use are not equipped to deal effectively with that risk. What I said was mainly targeted at schools (my main customers) that rely on their filter to do something that monitoring can do better in my experience. It's mainly psychological: a video camera that lets you know you are being watched vs a fence that needs to be jumped over. </p> <p>About the palo alto thing...that is totally based on hearsay from all three companies and totally qualitative based on my experience. I could be totally wrong. Fine, I'll go do some homework and find out the right answer.</p> Hi Chris, When I say I think monitoring works better than filtering, I’m talking about getting users to comply with the AUP and to start behaving well on the network. I don’t think anyone should ditch the filter. I just think they should be realistic about what it does. They all have holes in them and you can get a better picture of AUP violations with better monitoring.

You bring up an excellent point with the malicious code subject. That is probably the main reason to filter right now. Look at all sites for dangerous code rather than just looking at the URL from an AUP point of view. The malicious code risk is way low on the radar of schools in my experience. Many of the filters they use are not equipped to deal effectively with that risk. What I said was mainly targeted at schools (my main customers) that rely on their filter to do something that monitoring can do better in my experience. It’s mainly psychological: a video camera that lets you know you are being watched vs a fence that needs to be jumped over.

About the palo alto thing…that is totally based on hearsay from all three companies and totally qualitative based on my experience. I could be totally wrong. Fine, I’ll go do some homework and find out the right answer.

]]> By: Christofer Hoff http://jonsnetwork.com/2008/05/schools-battle-proxies/comment-page-1/#comment-620 Christofer Hoff Thu, 29 May 2008 06:11:02 +0000 http://jonsnetwork.com/?p=130#comment-620 <p>Jon:</p> <p>I'm wondering about your last paragraph. </p> <p>What if you're not just interested in "accountability" but also protecting against malicious drive-by client-side attacks?</p> <p>Monitoring is important, but how do you reconcile AUP violations against legitimate sites doing illegitimate things if compromised?</p> <p>Were you suggesting that monitoring can replace filtering?</p> <p>Also, how did you establish that Palo Alto does MITM/SSL proxy the fastest?</p> <p>Thanks,</p> <p>Hoff</p> Jon:

I’m wondering about your last paragraph.

What if you’re not just interested in “accountability” but also protecting against malicious drive-by client-side attacks?

Monitoring is important, but how do you reconcile AUP violations against legitimate sites doing illegitimate things if compromised?

Were you suggesting that monitoring can replace filtering?

Also, how did you establish that Palo Alto does MITM/SSL proxy the fastest?

Thanks,

Hoff

]]>