Workarounds: 5 Ways Employees Try to Access Restricted Sites

Company policy may forbid access to certain web sites, but some employees try creative techniques to view them anyway. Here are five common workarounds and what security can do about them.

By Joan Goodchild
Wed, August 11, 2010
. What's this?

CSO — There may have been a time when blocking certain sites was acceptable in most office environments. But what was once considered off-limits is now essential in many organizations. Social media sites like Facebook are a major part of many companies' marketing strategy. Sites like YouTube present opportunities to share information about products or services visually. And IM and chat services like G-chat are free and efficient ways for employees to communicate.

"I think generally the business drives the policy," said Dave Torre, founder and Chief Technology Officer of IT consultancy Atomic Fission. "If you work at the Department of Defense, I don't think any time at a social networking site on a secure computer is acceptable. But if you work in a marketing department, 15 minutes a day isn't nearly enough. Obviously you have to use some common sense as an IT manager and say 'What does our organization look like and how important are these tools on the internet for our users?'"

Also see "NSFW: What's acceptable computer use in today's workplace?"

Still, there are sites that usually have no legitimate place in the office, like gambling sites, which often tend to be as sketchy as pornography sites, according to Torre. He said he often gets calls from clients seeking help after employees have accessed gaming sites, and have been hit with a drive-by malware download.

Unfortunately blocking certain sites, such as a gambling site, doesn't always work. Industrious employees can, and do, find ways around site restrictions at work, potentially putting your network, data and even intellectual property at risk, according to Hugh Thompson, Program Committee Chair of the RSA Conference and Chief Security Strategist at People Security.

"Some workarounds can be dangerous because they might create a channel that data can flow out through that is not managed or monitored. These types of bypasses might make defenses like some data loss prevention systems less effective."

Here are five techniques--some simple, some more advanced--that your employees may be using to access the sites you don't want them to visit while on the job.

Workaround 1: Typing IP address instead of domain name

"In some cases, using the IP address of the blocked site can bypass checks that look for a domain name," said Thompson. "There are many websites that will give you the IP address for a favorite online destination."

As an example, check out the site baremetal.com where you can look up the IP address of just about any site. Plug that IP address into your browser, and it takes you there, bypassing the need to enter a domain name.

Continue Reading

Originally published on www.csoonline.com. Click here to read the original story.
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
White Papers »
How Much Containment Is Enough?
Achieving an optimum degree of airflow containment cannot be reached through a one-size-fits-all solution. The true measurement of any containment solution is dependent upon using a Hot Aisle, Cold Aisle or Cabinet Containment strategy that has been optimized for airflow, static pressure, leakage, bypass air and temperature variance.
Fast Track your Access to Business Intelligence
Identifying the right configuration and deploying complete, scalable data warehouses can be a time consuming, costly and error-prone process. Success ultimately depends on the ability to deploy a system that can support an expected level of performance - then allow that performance to scale linearly as needed.
Best Practices for Implementing a Data Warehouse on Oracle Exadata
Increasingly companies are recognizing the value of an enterprise data warehouse (EDW). A true EDW provides a single 360-degree view of the business and a powerful platform for a wide spectrum of business intelligence tasks ranging from predictive analysis to near real-time strategic and tactical decision support throughout the organization. Ensuring the EDW will get the desired performance and will scale out as your data grows you need to get three fundamental things correct, the hardware configuration, the physical data model and the data loading process. By correctly designing these three corner stones you will be able to create an EDW that can seamlessly scale without constant tuning or tweaking of the system.

By using the Oracle Exadata Database Machine as your data warehouse platform you have a balanced, high performance hardware configuration. This paper focuses on the other two corner stones, data modeling and data loading, providing a set of best practices and examples for deploying a data warehouse on the Oracle Exadata Database Machine.
Oracle: Big Data for the Enterprise
Analyzing new and diverse digital data streams can reveal new sources of economic value, provide fresh insights into customer behavior and identify market trends early on. But managing this influx of new data can be a challenge. To derive real business value from big data, you need the right tools to ca! pture and organize a wide variety of data types from different sources, and be able to easily analyze it with your enterprise data. By using the Oracle Big Data Appliance with Oracle Exadata, enterprises can acquire, organize and analyze all their enterprise data to make the most informed decisions.
Oracle Database 11g Product Family
By deploying Oracle Database 11g within their IT architecture, organizations can leverage the power of the world's leading database to reduce their server and storage costs and improve quality of service. Read this white paper to get an overview of the Oracle Database family of products and learn how you can transform your business, budgets, and service levels with Oracle Database 11g Release 2.
Oracle Real Application Testing 11g Release 2
Real Application Clusters with Oracle Database 11g, enables a single database to run across a cluster of servers, providing unbeatable fault tolerance, performance, and scalability with no application changes necessary. This white paper provides a technical overview of Oracle Real Application Clusters 11g Release 2 with an emphasis on the features and functionality that can be implemented to provide the highest availability and scalability for your enterprise applications.
Webcasts »
Enterprise Data Warehouse Appliance (EDW)
Join IDC Analyst Dan Vesset and HP Senior Architect, Jeff Spiller, as they discuss the rise of analytics, the impact of big data and need for scalable enterprise solutions. Learn about the HP Enterprise Data Warehouse appliance, which offers massive scale at low cost for single rack appliances up to large scale Data Warehouses. All while providing a single view of information across your enterprise that scales with your data, improves query performance and reduces IT cost over traditional data warehousing offerings. Featuring Intel® Westmere processors. View the entire webcast or only the chapters you desire.
Appliance video
The first appliance in the industry which consolidates and manages thousands of databases, integrates hardware, software and support and is scalable to meet your changing business needs.
Database Consolidation-SQL Server Appliance and Building Your Private Cloud
Please join guest speaker IDC Analyst Carl Olofson as he discusses Enterprise Data Center challenges and why database consolidation is important and necessary. And hear from HP expert Joe Sullivan, who will discuss the HP Database Consolidation Appliance and how it addresses enterprise industry challenges. Joe will provide an overview of product architecture and details on how the appliance enables companies to build their own private cloud. This webcast will provide the latest information for simplifying your data management needs while reducing costs.
Gaining A Competitive Advantage With Your Data
Fact: The demand to respond faster and with greater insight to business demands, based on data, is increasing. Fact: More organizations are turning to business intelligence (BI) and data warehousing for insightful decision-making.
Leverage automation today to reduce IT complexity
Date: Tuesday, June 5, 2012, 2:00 PM EDT

Whether your B2B complexity is caused by multiple technologies due to M&A, business or application specific needs or traditional under investment, the net effect is usually the same: high cost and lower productivity. Enabling business-to-business (B2B) integration using point-to-point EDI translators is usually time intensive and cost prohibitive.

Join IDC's Maureen Fleming and SAP for an insightful Webcast on the different approaches companies are taking to B2B integration and how you can ask the right questions to reassess you B2B approach.
Delivery Management -- Extending Lifecycle Management
Date: Wednesday, June 20, 2012, 1:00 PM EDT

Siloed organizations continue doing the wrong things and doing things wrong, leading to increased costs, project delays, lower quality, and time-to-market delays. Providing a collaborative platform where the whole organization can prioritize, share and manage deliveries with more transparency can help the organizations make more informed decisions at all levels, and greatly improve communications and traceability between teams. Hear from application lifecycle management experts how to increase delivery efficiency and effectiveness with a new approach to Delivery Management.
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy
White Papers » All White Papers

How Much Containment Is Enough?

Fast Track your Access to Business Intelligence

Best Practices for Implementing a Data Warehouse on Oracle Exadata

Oracle: Big Data for the Enterprise

Oracle Database 11g Product Family

Oracle Real Application Testing 11g Release 2

Backup and Recovery Performance and Best Practices for Exadata Cell and the Sun Oracle Database Machine

BDW IDC White Paper

An Introduction to the HP Business Decision Appliance

EDW Solution Brief

BDA solution brief

HP Business Data Warehouse Appliance

Mobile Middleware Strategies

Native & HTML5 Mobile Apps: Not an either or, but a where and when

The Evolution of Enterprise Mobile App Development

AlertBoot Case Study

Gilt Groupe Case Study

See Tickets Case Study

STA Travel Case Study

Socialbomb Case Study
Sponsored Links

High performance. Delivered. Click to see Accenture's client successes

Master the cloud with the power of convergence from HP

Connect with IT leaders redefining mobility at the Enterprise Mobile Hub

Choose New and manage one device instead of 170

Choose New for 8x the firewall and NAT performance

Check out a smart way of mobilizing your business with enterprise-ready Samsung Mobile.

Redefine your data center with HP servers.

Enhance your business with Windstream IT Solutions. Speak to someone local.

BlackBerry® Mobile Fusion. Different mobile devices. One platform.

CYBERMARYLAND | Learn Why Maryland is the Epicenter for Cybersecurity

Get Ethernet speeds from 1 Mbps to 10 Gbps - Comcast Business Class

Cognizant. Leading in Business, Application & Technology Services

Collaboration: driving better business outcomes

Gain cutting-edge insights at MIT in 2-5 day executive programs.

Click to see how Accenture has delivered high performance to clients

Complimentary Gartner Report on BYOD: Media Tablets & Beyond. View Now

Elevate storage agility and efficiency with HP 3PAR storage.

Choose New and slash the number of devices you manage

Customized information views & Twitter events at New Fulcrum Point

Splunk translates machine data into "aha" moments for IT and the business.

ManageEngine Desktop Central - Automate and Audit Your Desktop Management! Learn More...

Cloud Readiness Starts with Intel® Technology

Visit the Virtually There Learning Page to learn how to use virtualization to your competitive advantage.

Free: Hunter Muller's "The Transformational CIO."

Join us for an upcoming Microsoft 365 live online demo event.

Discover your easiest path to unified communications

Virtualizing Your Infrastructure Just Got Easier

Connect with global CIOs now at Enterprise CIO Forum

Resource Center
buy a link »
Ads by TechWords