HTTP Proxies used for Fighting Spyware: Feedback
trainier at kalsec.com
Fri Sep 23 19:30:31 UTC 2005
Apologies up-front if this really is off topic, but my experience with proxies and security, in general, might be of value in this case.

I use an HTTP proxy to help identify, block and report spyware. I'm using a Squid proxy with a SquidGuard blacklist which I update more so than the community does.

As spyware hits our network here, I find their entries in the Squid access log and add the entries to the blacklist. The trouble is, I'm just one guy doing it when I can. Perhaps it would be of value to form a community that updates a centralized database (or just a flat text file, like SquidGuard does) which identifies and blacklists websites, domains and URLs which contain viruses/phishers/malware content? I would most certainly be interested in working on a project like that.

However, much like my opinion on mitigating SPAM, I'm not convinced this is any sort of catch-all solution. I manage malware protection the same way I manage SPAM protection: a slew of 2-5 mechanisms which work together to bring the best results whilst still maintaining the least number of false positives possible.

So, got some free time? I'd gladly start a project/database/website to put a malware blacklist database together. The key to it being successful is unanimous decisions on what is blocked and what is not.

Again, if this is off-topic, my apologies.

Speaking of which, can someone re-point me to the document that explains what is and is not considered to be on-topic? :-)
Tim Rainier
Information Services, Kalsec, INC
trainier at kalsec.com
From: Two Bit <two.bit7 at gmail.com>
Sent by: owner-nanog at merit.edu
Date: 09/23/2005 03:17 PM
Reply-To: Two Bit <two.bit7 at gmail.com>
To: nanog at merit.edu
Subject: HTTP Proxies used for Fighting Spyware: Feedback
Hi there, long-time NANOG lurker network engineer with a (maybe off-topic) question related to network architecture solutions to fight the spyware/greyware problem. I was wondering if anyone might have any experience deploying anti-spyware solutions which reside on HTTP proxies. Several products claim to be able to detect spyware on the wire such as ISS, SonicWall, Fortinet, Astaro, BlueCoat. However, I am concerned about the performance, especially since they have to use an AntiVirus product on the back-end (heavy processing). Curious what the user experience might be, how effective any of these solutions are in really catching spyware, and any other operational experiences from engineers employing any of these solutions out in the field (not from vendors, please) that may help narrow down the choices. Thanks for any input.
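The workflow Tim describes above (find spyware entries in the Squid access log, add them to a SquidGuard blacklist) can be scripted. The following is an added example written for this archive page, not code from either poster or from the Squid or SquidGuard projects. It assumes Squid's native access log format (ten whitespace-separated fields with the URL in the seventh) and SquidGuard's `domains` file convention (one domain per line, matching that domain and every subdomain). The log lines and the blacklist contents are constructed sample data using reserved `.test` names; function names such as `find_infected_clients` and `merge_into_blacklist` are the example's own.

```python
"""Added example: scan a Squid access log for requests to blacklisted
spyware hosts and maintain a SquidGuard-style 'domains' blacklist.

Assumptions (not from the original thread):
  - Squid native log format: timestamp, elapsed, client, code/status,
    bytes, method, URL, ident, hierarchy/peer, content-type.
  - A SquidGuard 'domains' entry matches the domain and all subdomains.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample log lines (Squid native format). The TCP_DENIED line
# shows that a client which the proxy already blocks still appears in the
# log, so the log also reveals which internal hosts need cleaning.
SAMPLE_LOG = """\
1127504231.123    245 10.0.0.12 TCP_MISS/200 4512 GET http://update.example-spyware.test/check.cgi?id=1 - DIRECT/192.0.2.10 text/html
1127504232.456     12 10.0.0.12 TCP_MISS/200 1024 GET http://www.example.org/index.html - DIRECT/192.0.2.20 text/html
1127504240.789    300 10.0.0.45 TCP_MISS/200 8000 POST http://cdn.example-spyware.test:8080/report - DIRECT/192.0.2.10 application/octet-stream
1127504250.001     50 10.0.0.45 TCP_DENIED/403 0 GET http://tracker.example-adware.test/ping - NONE/- text/html
1127504260.002     40 10.0.0.99 TCP_HIT/200 512 GET http://www.example.org/logo.png - NONE/- image/png
"""

# Constructed blacklist in SquidGuard 'domains' style (one domain per entry).
KNOWN_SPYWARE_DOMAINS = {"example-spyware.test", "example-adware.test"}


def parse_squid_line(line):
    """Return (client_ip, host, url) for one native-format line, or None."""
    fields = line.split()
    if len(fields) < 7:
        return None
    client_ip, url = fields[2], fields[6]
    # urlsplit().hostname drops scheme, port and path and lowercases the host
    host = urlsplit(url).hostname
    if not host:
        return None
    return client_ip, host, url


def matches_blacklist(host, domains):
    """SquidGuard-style match: the host itself or any parent domain is listed."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def find_infected_clients(log_text, domains):
    """Map each client IP to the set of blacklisted hosts it tried to reach."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_squid_line(line)
        if parsed is None:
            continue
        client_ip, host, _ = parsed
        if matches_blacklist(host, domains):
            hits[client_ip].add(host)
    return dict(hits)


def merge_into_blacklist(existing, new_hosts):
    """Add hosts that are not already covered by an existing (parent) entry."""
    merged = set(existing)
    for host in new_hosts:
        if not matches_blacklist(host, merged):
            merged.add(host)
    return merged


def squidguard_domains_file(domains):
    """Render the body of a SquidGuard 'domains' file, sorted for clean diffs."""
    return "\n".join(sorted(domains)) + "\n"


if __name__ == "__main__":
    for client, hosts in sorted(find_infected_clients(SAMPLE_LOG, KNOWN_SPYWARE_DOMAINS).items()):
        print(f"{client}: {', '.join(sorted(hosts))}")
    # A newly identified host that no current entry covers gets appended;
    # one already under a listed parent domain is skipped.
    updated = merge_into_blacklist(KNOWN_SPYWARE_DOMAINS,
                                   {"update.example-spyware.test", "beacon.example-new.test"})
    print(squidguard_domains_file(updated), end="")
```

The per-client report is the part a proxy operator acts on: it lists the internal machines that contacted a listed host, whether or not the request was denied, which is the cleanup queue. `merge_into_blacklist` keeps the shared `domains` file small by refusing to add a host that a parent entry already covers, which matters once several people are appending to the same list.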