websense
Results 1 to 9 of 9

Thread: websense

  1. #1
    Junior Member
    Join Date
    Apr 2003
    Posts
    1

    websense

    any one knows how to overthrough websense

    thanks

  2. #2
    Member
    Join Date
    Mar 2003
    Posts
    49
    What in the hell are you talking about? did you now read anything before you posted? does your browser say "Anti Online. Cracking and crackers" ? noooooooooo it says anti Online Hacking and Hackers, im sorry if you mean something else but a one liner post saying over through that.....looks pretty stupid.

  3. #3
    Senior Member VicE$DoS$'s Avatar
    Join Date
    Nov 2002
    Posts
    209
    Thats an easy one,

    Get 5 dollars, pounds, euros, yen -- whatever currency is applicable.

    Go down to your local library or internet cafe and pay to use there connection.

    Et voila! You have circumvented Websense.



    ===============================================================
    (If this is a legitimate query I apologiese, give more details, why do you need to bypass Websense?)
    ===============================================================
    I remember when Nihil was ickle. Does that mean I'm old?

  4. #4

  5. #5
    Member
    Join Date
    Mar 2003
    Posts
    30
    Let's assume for the moment that this is a legitimate question. Actually it is a rather legitimate question because it pertains to organizations that have deployed a URL filtering solution and believe that these solutions are 100% foolproof and accurate. So far in my experience I have found very few absolutes. URL filtering solutions are a case in point.

    I have found that using a proxy will occasionally "get past" a URL filter. I don't think I'm telling any secrets here. Though I haven't looked at the more recent iterations of the more popular filtering solutions (WebSense, SurfControl, N2H2) - I was under the impression that they are supposed to be getting better at detecting and preventing unauthorized proxying. I could be wrong.

    A lot can also depend on the design and implementation of the filtering solution. If you put it in wrong, you can open up some pretty gaping holes for people to just go around the filter. My personal preference if it matters is setting a WebSense box as the URL filter destination in either a Checkpoint or PIX firewall. There really is no way to get around this configuration unless the userID or IP address is configured to not be filtered.

  6. #6
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    amazingzarkon writes
    Let's assume for the moment that this is a legitimate question...
    OK, maybe it was, maybe it was not. ( I thought it was not at first, until I read this post, pondered, and became humbled. )

    Put your thinking caps on before replaying please !!!!!!!!!!!!!!!

    Let me run by a scenario.

    There is a Sys-Admin who thinks "Security" means they have a firewall ( or firewalls, but has no idea what a remote log server is, nor how to construct or administer a firewall. )
    This Sys-Admin is REQUIRED ( does not matter here what the reason, just that they are required ) to have filtering software installed, and has stated to the powers-that-be they do.
    After being confronted with proof they do not, the Sys-Admin has employees install Websense and claims the reason it was down was because it was being updated, even though the logs and some of the employees have verified the facts.

    1) The bosses of the Sys-Admin are computer illiterate ( now there's a revelation. )
    2) a representative of the "stockholders" is somewhat computer-savvy.
    3) same representative of the "stockholders" wants to prove that the Sys-Admin is not acting in the interests of the "stockholders".
    oh, and so as not to get flamed;
    4) the Sys-Admin has NO training ( self or otherwise ) in computers or computer networking, but was a "political" appointment when actual trained personnel were almost non-existent, and has made no attempt to learn, other then to hire "consultants" to do their work for them.

    Having this in mind, I will revise the question:

    Does anyone know of known exploits to Websense ( whether or not there are patches. )
    i.e. is it easy to exploit or are there well known exploits and patches that SHOULD be installed, and/or are there commonly overlooked security settings?
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  7. #7
    Member
    Join Date
    Mar 2003
    Posts
    30
    I think that if WebSense is installed and configured properly it is quite difficult if not impossible to get around. With the aforementioned possible exception of end-users configuring their browser to use an external proxy server.

    Probably the most common configuration errors issues or oversights with WebSense that I've seen include scenarios where the WebSense server is configured as a proxy setting on the enduser's browser config. It is trivial to remove or change the proxy setting. This can be somewhat limited by implementing ACL's on the firewall that only permit outbound HTTP that has a source address of the Proxy.

    Another "hole" I've seen involves a WebSense implementation that was not integrated with a Domain structure - this means that the filtering rules were based upon IP addresses. Someone doped out addresses that were not as tightly filtered and there were endusers manually changing their IP addresses. This was in my opinion a little more impessive on the part of the user community.

    If I am asked to design a Websense deployment, I will always suggest either a CheckPoint or PIX firewall with a direct pointer to the WebSense box as the URL filter. Basically with this configuration, it is impossible for a user to do an "end-around" - which is how I've seen the biggest holes in WebSense deployments.

    Though it should be noted that at least with the PIX, there is an option to allow all outbound internet traffic if the WebSense server is unavailable. This prevents an interuption to web browsing in the event that the WebSense server or service crashes.

    ACL's on the firewall can do some good with reducing the ability of end-users to proxy through the filter.

    Since WebSense is an application running on hardware and an OS, it is possible for the box to be targeted - but I can't think that there are many users who would attempt a DoS attack on an internal host simply to get around a URL filter.

    Other issues that may present a problem with WebSense might be the URL classifications. It is possible if not probable that there are websites that your users may need access to that have been classified into categories that you are restricting. Likewise, there will be sites that have not been classified in categories yet. You can always tweak these settings yourself and/or suggest a URL for addition to the WebSense filtering database.

    I am not aware of any shortcomings, gaping holes, or issues with the WebSense software itself.

    Don't know if this is what you're looking for. Hope it helped.

  8. #8
    Member
    Join Date
    Mar 2003
    Posts
    99
    Amazing is correct in the definition of websense. We currently use WebSense along with multiple firewalls at our company. The PIX will allow access to the internet once the websense sever is offline, but the problem we have run into, not lately thank goodness, is that WebSense slows down the internet access to a crawl at times. I have to restart the WebSense service on the box and the problem goes away. I don't think this problem is due to the filtering itself, but something else within the software. The majority of the time we have no problems with WebSense. Also the updates to WebSense's filtering database is done automatically via downloads from WebSense's servers. The manual upgrades to the core WebSense software will take the system offline, but you shouldn't have to be doing this a lot of the time, or even during business hours. Those upgrades should be done during a maintenance window, before or after business hours or on weekends. An admin that is doing upgrades that are not an immediate need during business hours needs to have his head examined...

  9. #9
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    amazingzarkon
    I can't speak for darna but that is just what I had in mind when I posted.

    I have been asked numerous times to get people past Websense and my answer has always been the same, that it was put there for a reason. I knew about the proxy server but would not tell them, and most wouldn't understand how to use it anyway. It's the few who would understand that I worry about. ( "knowledge is good, but a little knowledge is dangerous" )

    I think I'm going to save this in case I have to configure ( or reconfigure ) a Websense install.

    Thanks
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •