Archive for the ‘Proxies’ Category

ISP netblocks allocated to home computers are bot and proxy farms …

Wednesday, January 9th, 2008

… so I’m going to make the case that you should simply be blocking them en masse. But first, a little background.

Dynamic Addressing by ISPs

Internet Service Providers (ISPs) own blocks of contiguous IP addresses (aka “netblocks”) that they in turn assign to the computers that connect to the Internet through their service. When you sign up for DSL, Cable or even dial-up service and connect your computer to the Internet, the ISP assigns your computer an IP address from within a netblock it owns.

Some ISPs provide static IP services, where your computer keeps the same IP address all the time. But the vast majority of home computers are signed up for less expensive dynamic IP services, where your computer gets a new address each time it connects to the Internet. The address is often different every time you connect. But it’s always from within the same netblock.

This allows the ISP to sign up more customers than IP addresses it owns, kind of like how a bank is allowed to loan out money it doesn’t actually have in the vault. Since only a percentage of the ISP’s customers are connected at any given time, this works fine.

How to tell if an IP is in one of these Netblocks

My personal DSL provider is DSLExtreme. When my home computer connects to the Internet (actually, it’s my router), it’s always assigned an address in the netblock 72.25.123.0/24, which includes a range of IPs from 72.25.123.0 to 72.25.123.255.

(more…)

Proxy blocking improvements in the new version of the R3000

Thursday, December 27th, 2007

We have just released the latest version of our core web filtering appliance - version 2.0.10 of the R3000. General availability of the patch is set for January 7th, but you can contact Tech Support and request it today if you like. We’re going GA after the Holidays to reduce the load on Tech Support, which always sees a spike in activity after a major patch release (despite our best efforts).

There is lots of great stuff in this release. However, in this post I’m going to focus on the changes that affect how we handle proxies: improvements in our HTTPS filtering and pattern-based blocking. I’m going to cover:

  • Block page on a pattern block
  • New options that enhance HTTPS Medium and tame HTTPS High
  • Whitelist feature for pattern detection

Let’s take a look at the details.

(more…)

How to tell if proxy pattern blocking is working

Monday, November 19th, 2007

I occasionally get emails from new customers, usually just after they’ve installed the filter for the first time, that read like this:

“How come you guys don’t have proxy.example.com in your database?? I can’t believe you don’t block this proxy! It’s the first one I found!”

They are almost always correct when they say that we didn’t have some given proxy site in our Library. We have many, many thousands of proxy URLs in the Library, but certainly not all of them.

However, they are almost always wrong when they say that we don’t block it.

(more…)

Overview of the different types of proxies that exist - and how we block them

Thursday, November 15th, 2007

Know thy enemy. Keep your friends close, and your enemies closer. If you are an IT administrator charged with the task of securing your network, the most important knowledge you possess is an in-depth understanding of the threats you’re working to counter.

Some are external threats: How does malware propagate? What techniques does spam email use to evade detection? Some are internal threats: Which of my employees has access to sensitive data? Which programs are my users installing and using to get their jobs done, how do those tools work, and how do I secure them? And of course …

How will my users circumvent the security infrastructure of my network, inadvertently or otherwise?

(more…)