Hi everyone, we are using a client server environment. the server is windows 2003 and clients are xp. we have all the security applied so that no user can install any applications in any client. we have a proxy server so that users can't bypass it. but we have couple of other proxy ip address so that some applications will work with that.
our problem is it seems that some users installing mozilla firefox on their machines and giving the proxy address which is meant for applications and bypassing our own proxy and using internet.
so i don't know how to prevent the users installing mozilla firefox on their client machines.
thanks in advance...
There are conflicting statements in your description: In the first paragraph you say "weprevent users from install firefox have all the security applied so that no user can install any applications in any client". In the second paragraph you say "our problem is it seems that some users installing mozilla firefox." Do you see the problem? These statements are mutually exclusive. So, you either have users with administrative rights (so they can install Firefox) or they can't install software at all.
So, go and check your client systems. If you see Firefox installed, your user credentials administration is flawed. If Firefox is not installed, you're dealing with different problems: One possibility is that users are running Firefox from a USB stick. If your users are smart enough to do that, they'll probably also use something like FoxyProxy to circumvprevent users from install firefoxent your client system configurations (see links below). The other possibility is that foreign systems access your network from time to time (use MAC address filtering on the LAN and firewall to prevent this from happening).
Assuming you have only legitimate client systems on the network, you can prevent unauthorized Internet access by configuring your proxies in such a way that they filter the traffic by browser type (from the HTTP “User-Agent” header) and only allow permitted browsers (e.g. IE). As a starting point, you may want to read Mick Bauer's excellent introduction to the Squid proxy "Building a Secure Squid Web Proxy" (see links below). I'm sure this will give you some ideas.
No comments:
Post a Comment