JOEBOX-L Archives

Joebox User

JOEBOX-L@LISTS.MAINE.EDU

Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Ed Bourdeau <[log in to unmask]>
Reply To:
Joebox User <[log in to unmask]>
Date:
Thu, 30 Jun 2011 10:23:09 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (93 lines)
Thanks Ray, when you check the proxy box and then check the details, there is a list of proxies that it blocks.  Do you know where that list comes from?  I guess what I'm asking is, is it a regularly maintained/updated list by a third party?  If so, who and how often?  If not, what could we do to get to a list that is updated regularly?  Thanks,,Ed

Ed Bourdeau
Director of Technology
Erskine Academy
Tel. 1-207-445-2962-ext 125
-----Original Message-----
From: Joebox User [mailto:[log in to unmask]] On Behalf Of Ray Soucy
Sent: Wednesday, June 29, 2011 2:22 PM
To: [log in to unmask]
Subject: Re: proxies

Sorry for the X-Post.  Want to make sure we catch everyone.

If you're a Joebox user and not on the Joebox List drop a note to
[log in to unmask] to get added.

A lot of confusion around MecGuard (the web filter on the Joebox).

From what I've seen to date, it seems that the vast majority of
problems with MecGuard come down to two issues:

1. Users not enabling the URL category lists for sites that they wish
to block (example: there is a category list for proxy servers).

2. Users making use of the Real Time Filter without fully
understanding that it scans page content rather than the URL and
ultimately blocking the majority of web requests unintentionally.

For the sake of review, I've thrown together a few slides here, trying
to keep it as brief as possible.

http://www.networkmaine.net/msln/joebox/MecGuard-June_2011.pdf

HTTPS filtering is still a challenge as most of us are used to it
being done transparently by Bess.   MecGuard SSL requires some client
setup, which may or may not be easy depending on your environment.

There are a few areas where MecGuard could be improved and we're
working with MecNet to try and get some momentum on those.  In the
meantime, if you feel that MecGuard isn't working for you, OpenDNS is
an option that works for both HTTP and HTTPS.

Note that if you have a Joebox and decide to make use of OpenDNS,
MecGuard would be disabled completely.  This is an operational
decision as trying to troubleshoot connections with two filtering
systems would quickly lead to a lot of confusion and frustration on
both sides of the call.

So far I've only heard from a handful of MSLN participants that are
making use of MecGuard SSL today, but it seems to be functional for
them.  If this is not the case, please let us know.

Testing these things in a lab will never catch the problems that a
production network can.

On Tue, Jun 21, 2011 at 11:37 AM, Ed Bourdeau
<[log in to unmask]> wrote:
> I have a JoeBox, my primary filter is the MecGuard that is provided with
> the JoeBox, I'm looking at using the ssl next year.  Here is my issue,
> we are getting killed by proxies (which the ssl fix will not stop if I
> am reading it right).  Yes the Mecguard will block them if you put in
> the  site,,the problem is they are adding proxies faster than the you
> can keep up with it.  I'm sure I'm not the only one with this config and
> this issue.  Anyone find any effective ways to manage this?  I have
> asked about open dns (as a secondary filter) but to my understanding
> that is for people without MecGuard.  Right now my system is rather
> anemic to say the least.  Any suggestions or ideas would be
> appreciated,,,Ed
>
>
>
> Ed Bourdeau
>
> Director of Technology
>
> Erskine Academy
>
> Tel. 1-207-445-2962-ext 125
>



-- 
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/

ATOM RSS1 RSS2