> 1) I have configured my local proxy server using SQUID to deny access to
> anything or everything.
>
> 2) I can very simply go to each users PC and set Netscape up to use proxy
> server. Therefore that PC is controlled via the proxy server. So far so good.
>
> 3) However, if a smart user changes the netscape config such that he will
> bypass the proxy server and use the direct connection, he now have full access
> to the Internet again.
>
> How do I fix this such that the user will not able to change the config on the
> Netscape? Otherwise the use of the proxy would be pointless if the user can
> change components on his PC.
Blocking it on the PC is pointless. They can always install another web
browser, etc. Unless you install a completely secured workstation (eg,
Linux, noexec on all writable areas, etc), there's just no point.
What you should do is block it at the router.
eg,
int eth 0
ip access-group 123 in
!
access-list 123 deny tcp any any eq 80
access-list 123 permit ip any any
or something like that (assuming Cisco router).
David.
Received on Tue Jun 29 1999 - 04:26:11 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:47:02 MST