Hi!
On Mon, Jul 26, 2010 at 2:01 AM, goody goody <thinkodd_at_yahoo.com> wrote:
> Hi,
>
> In our organization we have restricted access to only limited IPs as per company
> policy, but what some users are doing is building their own proxy
> servers on any single allowed IP address and distributing access to their
> locally formed group.
Wow, these are good co-workers.
Let me guess: the restriction has recently been applied (i.e., less than
one month ago).
I think the best thing to do is: when someone does that, and is
"discovered", he/she gets his/her privileges removed (i.e., no more
navigation for you); also, I would implement a fine too (but this
depends on each country's law; in mine, I can't). But I'm also a
little flexible when it comes to navigation privileges, thus: I have a
whitelist (with sites that are interesting to most employees, like the
bank's page) and I give them full access at certain hours every day.
>
> In this way our main proxy thinks that it is allowing access to only one IP
> whereas in reality that is not the case.
>
> This has become a challenge and if there is any solution / work around to this
> please let me know.
And even if you find a way to avoid that, they will find a way of
doing that again.
I actually use user authentication instead of per-IP. Why? Simple:
this makes the user responsible for his/her actions with his/her username
(IP can be forged); we use the username to apply any administrative
sanction that needs to be applied. Also, this lets us give other users
in our network "full internet access, at certain hours" (in our
case: nights, noons, and weekends).
I hope this helps,
Ildefonso Camargo
Received on Mon Jul 26 2010 - 20:37:43 MDT
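
Added example, not part of the original message: a sketch of how an administrator might spot an allowed IP that is relaying traffic for several people, which is the situation the thread describes. The record layout, the sample lines and the names summarize and suspected_relays are constructed for illustration and do not come from any proxy's real log format.

```python
from collections import defaultdict

# Constructed sample records: (client_ip, user_agent, via, x_forwarded_for).
# This field layout is an assumption; map it onto what your proxy really logs.
SAMPLE_LOG = [
    ("10.0.0.5", "Firefox/3.6 (Windows)", "", ""),
    ("10.0.0.5", "Firefox/3.6 (Windows)", "", ""),
    ("10.0.0.9", "MSIE 8.0 (Windows)", "1.1 desk9", "192.168.7.21"),
    ("10.0.0.9", "Firefox/3.6 (Linux)", "1.1 desk9", "192.168.7.22"),
    ("10.0.0.9", "Opera/9.80 (Windows)", "1.1 desk9", "192.168.7.23, 192.168.7.1"),
    ("10.0.0.12", "Firefox/3.6 (Windows)", "", ""),
    ("10.0.0.12", "AV-Updater/2.1", "", ""),  # one user: browser plus updater
]


def summarize(records):
    """Collect, per client IP, evidence that several people share the address."""
    stats = defaultdict(lambda: {"agents": set(), "via": 0, "inner": set()})
    for ip, agent, via, xff in records:
        entry = stats[ip]
        if agent:
            entry["agents"].add(agent)
        if via:
            entry["via"] += 1
        # X-Forwarded-For can be a comma-separated chain; keep every hop.
        entry["inner"].update(h.strip() for h in xff.split(",") if h.strip())
    return stats


def suspected_relays(records, max_agents=2):
    """Return {client_ip: [reasons]} for addresses that look like a relay.

    The headers are client-controlled and can be stripped, so a hit is a
    lead for follow-up and a clean result proves nothing.
    """
    findings = {}
    for ip, entry in summarize(records).items():
        reasons = []
        if len(entry["agents"]) > max_agents:
            reasons.append(f"{len(entry['agents'])} distinct user agents")
        if entry["via"]:
            reasons.append(f"{entry['via']} requests carried a Via header")
        if len(entry["inner"]) > 1:
            reasons.append(f"{len(entry['inner'])} addresses in X-Forwarded-For")
        if reasons:
            findings[ip] = reasons
    return findings
```

On the sample data only 10.0.0.9 is reported; 10.0.0.12 stays below the user-agent threshold because a browser plus an updater is normal for one person.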