Anyone Know About Websense?



It's Only Money
05-11-2005, 02:24 PM
I know there are a few I.T. savvy peeps out there...
A friend of mine is working for a firm that is going to implement Websense as some kind of proxy manager for connecting to the Internet. He fears that the reporting features will cause him to eliminate his time on the Internet monitoring his favorite Forum sites - similar to this one.
Does anyone know much about this product other than what the Websense.com site gives up? Can it be fooled or spoofed? Any way around this technology?
Any thoughts would be appreciated.

Panic Button
05-11-2005, 02:58 PM
It tracks, blocks and notifies management of the exact websites that employees are going to. We've fired about 20 people for unauthorized sites. Websites are put in categories and it keeps track of your exact time and site you go to. Be careful, the reports can be admissible in court... It cannot be spoofed as it is internally controlled, and unless he knows the DMZ address I doubt he can get around it. Numerous people have tried at our place, and all that leads to is termination. Depends on how the site is listed and what they want to monitor and/or time limits installed, no by-pass.
www2.***boat.com/forums/ comes up as non-categorized, so he might be safe for a while...

Racer277
05-11-2005, 04:17 PM
I understand that ***boat.com is now categorized, as it has "swimsuits" in the page.
Have him (right...) talk to his IT people. If he can convince them that he should be on that site, they can move it to another category, but it still reports. The reports can be filtered.
Maybe a pocket protector or a video game given to the right person would help.... :idea:

Mrs.Racer277
05-11-2005, 05:16 PM
I understand that ***boat.com is now categorized, as it has "swimsuits" in the page.
Have him (right...) talk to his IT people. If he can convince them that he should be on that site, they can move it to another category, but it still reports. The reports can be filtered.
Maybe a pocket protector or a video game given to the right person would help.... :idea:
Spoken like a true computer geek. :p :D :D

Panic Button
05-11-2005, 05:19 PM
I understand that ***boat.com is now categorized, as it has "swimsuits" in the page.
Have him (right...) talk to his IT people. If he can convince them that he should be on that site, they can move it to another category, but it still reports. The reports can be filtered.
Maybe a pocket protector or a video game given to the right person would help.... :idea:
We have the latest DB download, as of last night, it still is "none", but that can change any day. If any of my techs modified any reports, they would be term'ed immediately.

Mrs.Racer277
05-11-2005, 05:31 PM
We have the latest DB download, as of last night, it still is "none", but that can change any day. If any of my techs modified any reports, they would be term'ed immediately.
Dang. Good thing I don't work for you! :hammer2: :wink:

Panic Button
05-11-2005, 05:36 PM
If you're going to try and beat Websense, I recommend spending most of your time surfing at Monster.com.
Well said! Between Websense & Surf Control 99% of major companies use it. Just a little food for thought... You make $20/hr, you surf 1/hr day, in 1 year you waste $5K in salary, now multiply that by say 200 people doing it in a company that's a $1,000,000.00/Yr!!! Well worth the $20K we spent.
HB Forums come up as "Vehicles"

mtndewdrops
05-11-2005, 08:13 PM
If you're going to try and beat Websense, I recommend spending most of your time surfing at Monster.com.
LOL,
They got it where I work, and I jump on occasionally. I change my settings to block avatars so it is less explicit. I don't spend more than 5 minutes on at a time. Got to stick with short posts.

Racer277
05-11-2005, 08:35 PM
We have the latest DB download, as of last night, it still is "none", but that can change any day. If any of my techs modified any reports, they would be term'ed immediately.
Methinks you mis-understood my post.
Knowing a DMZ address won't help. Depending on the configuration there may not even be one (DMZ).
There are many legitimate reasons for filtering reports, changing categories, or using different policies for different groups of people. All of these are common configuration changes at install and after some use.
If the websense box is attached to your PIX, you can easily bypass the filtering:
You can configure a Cisco PIX Firewall to not pass specified traffic to Websense using the Filter URL Except command.
This command allows you to set the PIX Firewall to bypass any traffic coming or sent to a particular IP address.
filter url except local_ip local_mask foreign_ip foreign_mask allow
Examples
The line below would configure the PIX Firewall to allow any outbound traffic from the IP address 10.1.1.1 to go out unfiltered.
filter url except 10.1.1.1 255.255.0.0 0.0.0.0 0.0.0.0 allow
The next line would allow all users access to the destination IP address 216.109.124.73 without being filtered.
filter url except 0.0.0.0 0.0.0.0 216.109.124.73 0.0.0.0 allow
NOTE
Incoming or outbound traffic from IP addresses specified in these commands will not be filtered or logged by Websense.
You simply need access to your PIX..... :)
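A defender's view of the `filter url except` exemptions described in this post, as an added example that is not part of the original thread: because exempted traffic is neither filtered nor logged by Websense, the firewall configuration itself is the only record of who is exempt. The sample configuration is constructed, the severity labels are hypothetical, and masks are assumed to be ordinary netmasks.

```python
import ipaddress
import re

# Constructed running-config excerpt (private and documentation addresses).
SAMPLE_CONFIG = """\
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter url except 10.1.1.1 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.2.0.0 255.255.0.0 0.0.0.0 0.0.0.0
filter url except 0.0.0.0 0.0.0.0 198.51.100.73 255.255.255.255
filter url except 10.3.3.3 255.255.300.0 0.0.0.0 0.0.0.0
"""

# local_ip local_mask foreign_ip foreign_mask, as in the syntax quoted above.
EXCEPT_RE = re.compile(
    r"^\s*filter\s+url\s+except\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+allow)?\s*$"
)


def _net(ip, mask):
    # Assumption: masks are ordinary netmasks; stray host bits are ignored.
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)


def classify(local, foreign):
    """Rank an exemption by how much traffic escapes filtering and logging."""
    any_src, any_dst = local.prefixlen == 0, foreign.prefixlen == 0
    if any_src and any_dst:
        return "CRITICAL"  # filtering is effectively off for everyone
    if any_dst:
        # A source that can reach every destination with no Websense record.
        return "HIGH" if local.num_addresses > 1 else "REVIEW-HOST"
    return "LOW"  # exemption scoped to specific destinations


def audit_exceptions(config_text):
    """Return (line_no, severity, local_net, foreign_net) per exemption."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        m = EXCEPT_RE.match(line)
        if not m:
            continue
        try:
            local, foreign = _net(m[1], m[2]), _net(m[3], m[4])
        except ValueError:
            # Malformed address or mask: flag it instead of skipping silently.
            findings.append((line_no, "INVALID", line.strip(), None))
            continue
        findings.append((line_no, classify(local, foreign), str(local), str(foreign)))
    return findings


if __name__ == "__main__":
    for finding in audit_exceptions(SAMPLE_CONFIG):
        print(*finding, sep="\t")
```

Running this against each saved configuration and comparing the output with the approved exemption list shows when a new unlogged path has been added.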

Panic Button
05-11-2005, 09:13 PM
But Websense and Surf Control work off ISA boxes, and they run in conjunction with the user list from AD so there really isn't a way to by-pass it, unless you happen to get the Admin password... I see where you're coming from, but in our shops you must hit the ISA box (authorized, and what sites authorized), then the PIX then out to the DMZ. If you're not authorized in Active Directory & Web Monitoring, you're not handed off to the PIX.
I got what you're saying, that's why I run the reports. And we filter for departments, website categories etc, but the list also goes to GM's & HR...

bigq
05-11-2005, 10:49 PM
Find an open port and use RDP to a home computer or find open ports and setup a proxy on the outside and go into IE proxy settings and change to the outside proxy settings.
Or maybe your friend should actually do what he is paid for and work. :hammerhea :wink: :cool:

PEBKAC
05-12-2005, 06:46 AM
The cheapest and easiest way to bypass Websense monitoring is to install a free PC control app called VNC on your home computer (similar to PCAnywhere except it's free), then open up only the ports needed for VNC on your home router/firewall (if you have one), and you can then connect to your PC at home and surf to ***boat via your home computer. Websense doesn't monitor VNC ports so this type of activity won't show up on any Websense reports. If these guys are just now getting around to installing Websense you can pretty much assume they are new to this monitoring stuff and they don't have any other high end monitoring tools to track this type of activity.
The other possible solution is to see if there is another default gateway used by only the IT department (sometimes they have one setup to bypass Websense for themselves). If this is the case then all you have to do is change the work PC default gateway address to the one the IT department uses. But that is a real long shot.....

Panic Button
05-12-2005, 08:45 AM
ISA 2003 blocks all out/in bound ports and you have to manually open the ports up for websense and internet access. We only open 80, 8080 ports so that idea wouldn't work. If they did open all ports the Proxy, PCAnyWhere, MYPC, & VNC ports would show up on the reports.

Racer277
05-12-2005, 08:56 AM
Right.
The combination of ISA and Pix is pretty good coverage.
Again, if he has good reason to go the sites he wants, they can make the changes. Depending on the changes, he may or may not show up on the reports. But you would want a good reason for him to go to those places.
Also, time restrictions can be emplaced, saying certain access is available during lunch or after hours. The reports will reflect what times these sites were accessed.....

It's Only Money
05-12-2005, 01:50 PM
So what everyone is saying my friend is SOL! Lots of good info here.
Next question...the same friend when I relayed the information said that he has been using "spawned" windows to access the websites. As he explained it, he goes to a website that he knows is related to a justifiable business use and clicks on a link within it which spawns another window, then that window has a link for a "printer formatted window" (so the graphics aren't printed) which spawns a third window. That's the window he uses to surf for NON-business related stuff. He claims - and from the info you guys posted can't work - that the third window is somehow linked to the business use window (1st to open) so that the web addresses are masked (?) that he is actually going to. Can this be possibly true?
Note..he's been surfing this way for a long time (years) and nobody has said anything to him. My opinion is that the IT staff is probably understaffed and just hasn't the resources to followup the URLs he visits. I can't imagine the "three spawn window" trick really works.
PS...he says it isn't that the company IT are newbies but the proxy server used to be at another facility and his facility is being sold. His IT staff is buying Websense as a corporate standard of the Corporation that's buying his facility. His internal people never monitored the Internet usage - that was left to the higher up corporate entity which has a HUGE staff.

Racer277
05-12-2005, 01:58 PM
Tell your friend to go back to work, that's what he gets paid for.
His usage will now be monitored. Smarter people than him have been caught, and many put in jail (I've assisted with this).
Tell him his job is not worth it...
my .02

It's Only Money
05-12-2005, 02:02 PM
That's pretty much my statement to him.

Mrs.Racer277
05-12-2005, 02:12 PM
Tell your friend to go back to work, that's what he gets paid for.
His usage will now be monitored. Smarter people than him have been caught, and many put in jail (I've assisted with this).
Tell him his job is not worth it...
my .02
:yuk: :yuk: Work??? :wink:

Panic Button
05-12-2005, 02:27 PM
So what everyone is saying my friend is SOL! Lots of good info here.
Next question...the same friend when I relayed the information said that he has been using "spawned" windows to access the websites. As he explained it, he goes to a website that he knows is related to a justifiable business use and clicks on a link within it which spawns another window, then that window has a link for a "printer formatted window" (so the graphics aren't printed) which spawns a third window. That's the window he uses to surf for NON-business related stuff. He claims - and from the info you guys posted can't work - that the third window is somehow linked to the business use window (1st to open) so that the web addresses are masked (?) that he is actually going to. Can this be possibly true?
Note..he's been surfing this way for a long time (years) and nobody has said anything to him. My opinion is that the IT staff is probably understaffed and just hasn't the resources to followup the URLs he visits. I can't imagine the "three spawn window" trick really works.
PS...he says it isn't that the company IT are newbies but the proxy server used to be at another facility and his facility is being sold. His IT staff is buying Websense as a corporate standard of the Corporation that's buying his facility. His internal people never monitored the Internet usage - that was left to the higher up corporate entity which has a HUGE staff.
It doesn't work that way, it's monitored... Just wait his time will come. We termed a guy today, been monitoring him for 7 months, total lost wages $10K, we had over 600 pages of his sites!

Tom Brown
05-12-2005, 02:38 PM
HB Forums come up as "Vehicles"
It comes up as swimsuit and lingerie here.
There are potential ways around web sense but unless your web security team are circus monkeys, you will not succeed for long. An amazing amount of information is available provided the administrators know how and have the energy to extract it.
It's worth while thinking about why the company installed WebSense. If you try to subvert that system, it will probably not be taken in a light hearted manner. It's tough to plead ignorance when you've gone to great pains to get around a screen that's telling you to stop doing what you're doing.
The very best way around WebSense is with a dial modem but, once again, it is a potential point of policy violation. Any organization that has implemented WebSense has almost certainly put in place a policy against user initiated Internet connections.

Panic Button
05-12-2005, 02:40 PM
It comes up as swimsuit and lingerie here.
Check the forums- www2.***boat.com/forums/
One little clause in our staff hand book... "Any Non-Business Related Site"

Tom Brown
05-12-2005, 03:03 PM
Knowing a DMZ address won't help. Depending on the configuration there may not even be one (DMZ).
Well said. By the way, I'm a CCNP also. :cool:
There are definitely ways to get around WebSense but it's tough to bring in a 200mb/day traffic flow under the radar.
If the company doesn't want you surfing, it's probably best not to push it.

Panic Button
05-12-2005, 05:36 PM
If the company doesn't want you surfing, it's probably best not to push it.
That is correct!

LVJAKAZ
05-12-2005, 06:12 PM
OMG!!!! I am going to be fired :2purples: :2purples: :2purples:

Panic Button
05-12-2005, 06:35 PM
I keep a copy of all the "higher up's" activity for job security... :D

dicudmore
05-12-2005, 06:45 PM
I keep a copy of all the "higher up's" activity for job security... :D
Mr. VD...er PB, that sounds like a good idea :D

Racer277
05-12-2005, 08:21 PM
Well said. By the way, I'm a CCNP also. :cool:
There are definitely ways to get around WebSense but it's tough to bring in a 200mb/day traffic flow under the radar.
If the company doesn't want you surfing, it's probably best not to push it.
Way to go TB, you'll like this story.
For about 5 years I worked as a traveling admin, I would be flown off somewhere to install our appliance onto people's live networks. Most often for install, sometimes just to demo the box. The box could be a firewall, filter spam, block pop-ups, read or filter all im's, redirect to websense, or another filter, read all emails (even most encrypted). It could do nearly anything with IP traffic, including the most advanced reports (2001-2004) in the industry. It was scary at times, as it is Win2000 based, and few networks are stable. It would go inline :2purples: just inside the PIX (if they had one).
I was up North doing an install when we found a lot of bad traffic. This was in the heady days of Kazaa, so I always saw 60-75% P2P, but this traffic wasn't good. So we brought in the cops and....
Here's what happened (http://www.modbee.com/local/story/5114607p-6120732c.html)
He went to jail.
While I was there we helped put 12 in jail around the country, we called them the dirty dozen.... :cool:

WetWillie
05-12-2005, 09:00 PM
Does Websense do a free trial so companies can see the loss they may have?? What software do they have that can monitor 30 employees for wasted time on the net?? :messedup:

Racer277
05-12-2005, 09:11 PM
Does Websense do a free trial so companies can see the loss they may have?? What software do they have that can monitor 30 employees for wasted time on the net?? :messedup:
Here you go:
Download site (http://ww2.websense.com/global/en/Downloads/)
You should be able to setup on a spare machine.
Then you get to determine the amount wasted.
Consider becoming a reseller, any school using Erate funds must have Something (this or something else) in place..... :)

Panic Button
05-12-2005, 09:24 PM
Surf Control is pretty good, and might be a little cheaper for what you need, and has a 30 day demo. http://www.surfcontrol.com

bigq
05-12-2005, 09:25 PM
ISA 2003 blocks all out/in bound ports and you have to manually open the ports up for websense and internet access. We only open 80, 8080 ports so that idea wouldn't work. If they did open all ports the Proxy, PCAnyWhere, MYPC, & VNC ports would show up on the reports.
No SMTP or SSL or FTP? Sounds like you lock them down tight. I see a lot of networks that are scary how unsecure they are
:notam:
It's kinda good you need to lock it down...job security :D

Panic Button
05-12-2005, 09:30 PM
SMTP & POP goes thru the exchange server, then external server for holding and scanning, no SSL or FTP, & limit up & download KB for internet. I work in Gaming and a disgruntled employee could send the player database to future employer. Email limited to 1m or less file, with a 87g db, it would take them some time...

Racer277
05-12-2005, 09:35 PM
(with respect!)
It's funny how the most advanced companies offer very little access to the net. Meanwhile I'm (honestly) putting DS3's into k-6 schools. :messedup:
Larry Ellison bought a wireless product (airespace) simply to shut down all wireless access anywhere on his campuses.... :idea:

Panic Button
05-12-2005, 09:42 PM
Got to love all the bandwidth for the kids, and I can get anymore T's in Mesquite because the LEC doesn't have any more lines...

NorCalCat
05-12-2005, 09:47 PM
Lots of hotties work there, they are one of my clients.

Ultra5150
05-13-2005, 09:30 AM
hey guys, what about using AOL ??? My websense blocks me from coming on ***boat, but I can access it by logging on to AOL.