
Workarounds: 5 ways employees try to access restricted sites

By Joan Goodchild, CSO
August 11, 2010 10:41 AM ET

CSO - There may have been a time when blocking certain sites was acceptable in most office environments. But what was once considered off-limits is now essential in many organizations. Social media sites like Facebook are a major part of many companies' marketing strategy. Sites like YouTube present opportunities to share information about products or services visually. And IM and chat services like G-chat are free and efficient ways for employees to communicate.

"I think generally the business drives the policy," said Dave Torre, founder and Chief Technology Officer of IT consultancy Atomic Fission. "If you work at the Department of Defense, I don't think any time at a social networking site on a secure computer is acceptable. But if you work in a marketing department, 15 minutes a day isn't nearly enough. Obviously you have to use some common sense as an IT manager and say 'What does our organization look like and how important are these tools on the internet for our users?'"

Also see "NSFW: What's acceptable computer use in today's workplace?"

Still, there are sites that usually have no legitimate place in the office, like gambling sites, which often tend to be as sketchy as pornography sites, according to Torre. He said he often gets calls from clients seeking help after employees have accessed gaming sites and been hit with a drive-by malware download.

Unfortunately, blocking certain sites, such as a gambling site, doesn't always work. Industrious employees can, and do, find ways around site restrictions at work, potentially putting your network, data and even intellectual property at risk, according to Hugh Thompson, Program Committee Chair of the RSA Conference and Chief Security Strategist at People Security.

"Some workarounds can be dangerous because they might create a channel that data can flow out through that is not managed or monitored. These types of bypasses might make defenses like some data loss prevention systems less effective."

Here are five techniques--some simple, some more advanced--that your employees may be using to access the sites you don't want them to visit while on the job.

Workaround 1: Typing IP address instead of domain name

"In some cases, using the IP address of the blocked site can bypass checks that look for a domain name," said Thompson. "There are many websites that will give you the IP address for a favorite online destination."

As an example, check out the site where you can look up the IP address of just about any site. Plug that IP address into your browser, and it takes you there, bypassing the need to enter a domain name.

Security fix:

"The older style of approach here would be to use some sort of IP blacklist database," said Torre. "Many companies provide these. However, a better approach is to ignore the IP/URL altogether and examine the data on the web page itself. This is a little more resource intensive, but far more effective. It's much more accurate since a web site such as Google or Yahoo can call data from other sites. The 'parent' site would almost always be white-listed, so any malicious or inappropriate content would also be trusted. Examining the content line by line regardless of where it comes from is recommended."
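As an added example (not from the article or the people quoted in it), the following audits proxy log lines with two checks: a hostname-only blocklist, which misses the request made by IP address that Thompson describes, and a check that also matches an IP blacklist and marks any other IP-literal host for review. The domains, addresses, log format and function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data: example domains and documentation-range addresses.
BLOCKED_DOMAINS = {"gambling.example"}
BLOCKED_IPS = {ipaddress.ip_address("203.0.113.10")}  # assumed host of gambling.example

PROXY_LOG = [  # constructed lines: client, method, URL
    "10.0.0.5 GET http://gambling.example/poker",
    "10.0.0.5 GET http://203.0.113.10/poker",
    "10.0.0.7 GET http://intranet.example/wiki",
    "10.0.0.9 GET http://[2001:db8::1]/",
    "10.0.0.9 GET http://198.51.100.20:8080/status",
]

def host_of(url):
    """Return the lowercase host of a URL, without port or IPv6 brackets."""
    return (urlsplit(url).hostname or "").lower()

def as_ip(host):
    """Return an ipaddress object if the host is an IP literal, else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def naive_verdict(url):
    """Domain-name check only: an IP-literal host never matches a domain entry."""
    host = host_of(url)
    hit = any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)
    return "block" if hit else "allow"

def hardened_verdict(url):
    """Match IP literals against the IP blacklist; send unknown ones to review."""
    ip = as_ip(host_of(url))
    if ip is not None:
        return "block" if ip in BLOCKED_IPS else "review"
    return naive_verdict(url)

def audit(lines):
    """Return (client, url, naive verdict, hardened verdict) for each log line."""
    rows = []
    for line in lines:
        client, _method, url = line.split()
        rows.append((client, url, naive_verdict(url), hardened_verdict(url)))
    return rows

if __name__ == "__main__":
    for row in audit(PROXY_LOG):
        print(*row, sep="\t")
```

Rows where the two verdicts differ are the requests a domain-name filter lets through; neither check looks at page content, which is the approach Torre recommends.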
