A web filter is a ubiquitous tool for protecting networks and preventing employees or students from accessing inappropriate content. Shockingly the 2019 Insider Threat Intelligence Report from Dtex found that 95% of enterprises caught their employees actively seeking ways to bypass corporate security protocols.
In this article I will outline the methods that employees use to bypass web content filtering policies and provide you with tips to prevent them from happening.
With this knowledge of how to bypass web filters you can bolster your internet security strategy with policies, procedures, and technologies that counter these web filter bypass methods.
BrowseControl is an easy-to-use web filter that helps organizations enforce policies, improve productivity, reduce bandwidth consumption, and meet compliance requirements – no matter where their users are located.
With BrowseControl you can ensure a safe and productive environment by blocking high-risk, distracting, or inappropriate websites, improve network performance by blocking bandwidth hogs, and prevent users from using unsanctioned applications and software-as-a-service providers
BrowseControl’s security policies are enforced by a software agent that is installed on your user’s computers. This allows the solution to continue blocking websites and applications even when computers are taken off-site.
BrowseControl’s central console allows you to configure your security policies from the convenience of a web browser.
With BrowseControl you can Block or allow websites based on URL, category, domain, or IP address, assign custom policies for each group of computers or users, prevent users from launching specific applications, and block network ports to reduce the attack surface of your network
There are three key methods for blocking websites with BrowseControl:
The Blocked List allows you to block specific websites based on URL, domain, or IP address
Category Filtering allows you to block millions of websites across over 100 content categories including pornography, social media, and virus-infected sites.
and finally, you can use the Allowed List to allow specific websites that would otherwise be blocked based on their category, or for the greatest security and control you can block all websites except for those that are on the Allowed List.
When your users try to visit a blocked website they can either be presented with a custom warning message or directed to another site, such as a page with a reminder of your organization’s internet use policy.
With BrowseControl’s App Blocker you can prevent your users from launching specific applications.
Simply select the group you would like to restrict, enter the Original Filename of the application to the Application List, and add it to the blocked applications list.
When the user tries to launch the blocked application they can be presented with a custom warning message that alerts them of the restriction.
BrowseControl is best used in tandem with our computer monitoring software BrowseReporter. Using both solutions provides the visibility and control you need to ensure that your organization’s computers are being used appropriately.
Don’t let internet abuse run rampant in your organization. Take back control over web browsing with a free trial of BrowseControl.
Get started today by visiting CurrentWare.com/Download
If you have any technical questions during your evaluation our support team is available to help you over a phone call, live chat, or email.
Thank you!
Need to block your employees from accessing certain websites? Get started today with a free trial of BrowseControl, CurrentWare’s web filtering software.
”As a ‘novice’ I was able to set up with help from support in about an hour. Previous software took forever and didn’t work as advertised; this software worked right out of the box. It allows my workers to use the internet and make money for the practice without distraction/temptation to use personal websites/email/shopping.”
– Gerard B., Office Manager
Reducing the amount of admin accounts is a strongly recommended security practice. The proliferation of unnecessary admin privileges increases the likelihood that threat actors could gain access to the network through compromised high-privilege accounts.
From a web filtering perspective giving your users limited privileges prevents them from downloading unwanted bypass applications (e.g. proxies) or making configuration changes that can harm the security of your network.
Your company policy needs to explicitly forbid attempts to bypass security measures. An acceptable use policy (AUP) complements your web filtering software by providing employees with clear guidelines for using technology in the workplace.
An AUP sets a precedent for corrective action should your users attempt to bypass organizational security controls. Once you discover evidence of such attempts you must address the user(s) responsible in a timely manner to dissuade future avoidance attempts.
While employees and students may use some sort of website bypasser method to access content that should be blocked according to your internet use policy, your web filter may be blocking access to legitimate websites they need access to.
By using web filtering technology that allows end-users to request access to websites you can manually override the web filtering policy to allow access to legitimate websites that have been accidentally blocked.
What’s more important: productivity or security?
Distracting and unproductive websites are often blocked in the workplace. Here’s the thing: if your employees really want to use Facebook at work, they’ll find a way.
If you are using a web filter to prevent distractions, disgruntled users are more incentivized to bypass your web filter than they would if it was used solely for security and decency reasons.
From a network and endpoint security perspective allowing your users to access social media is a lesser concern than incentivizing them to bypass corporate web filtering policies and potentially visiting high-risk websites.
Alternatively you can schedule less restrictive web filtering policies during breaks to allow your employees or students to access distracting content at designated periods.
That’s not all, though…
There’s another reason that your employees or students want to get around your web filter. Sometimes it is simply that they want to gain access to content that they shouldn’t be accessing, but that is not always the case. Your web filter may actually be blocking access to legitimate research.
Your web filtering solution needs to be easy to manage. It should allow you to easily unblock websites that have been wrongfully blacklisted. Being able to effortlessly provide access to blocked websites will reduce the temptation for your users to seek out risky filter avoidance techniques.
DNS-Over-HTTPS (DoH) is a protocol that encrypts DNS queries, making the URL visited undetectable to network-level filters. The intention of DoH is to increase the privacy of users by reducing the data available to ISPs and other providers, however it has inadvertently caused problems in corporate environments that use DNS-based web filters.
The very same encryption that hides DNS traffic from ISPs also hides the details that network-level web filters need to effectively block websites.
Employees and students can use web browsers that support DoH to bypass network-level web filtering policies. Some web browsers such as Firefox enable DoH by default, leading to security concerns in organizations that use web filters to protect their network against phishing attacks.
Proxies are websites and applications that act as a gateway between the user and the internet. Companies often use their own purpose-built proxy servers that act as a firewall and web filter but employees can also use third-party proxies to bypass internal content filtering measures.
There are three key ways that proxies can be used to break through corporate web filters:
Effectively preventing the use of proxies requires a multi-pronged approach. You will need to combine web filtering, user permission restriction, USB access control, and application blocking to address all of the possible methods.
A Virtual Private Network (VPN) creates a private encrypted network between two networks. These tools are often used to provide remote workers with access to software applications hosted on their employer’s network.
A VPN bypasses web filters and tunnels through firewalls by masking the network traffic of the user. This makes it difficult to detect or decipher the websites they are visiting, forcing system administrators to block the VPN connection entirely if they want to prevent it from circumventing their filtering policies.
Smartphones include a feature known as “tethering”, which lets you use your phone’s mobile data to create a private Wi-Fi hotspot. This hotspot can be used to connect another phone, tablet, or computer to the internet.
If you are filtering websites at the network level with a DNS filter or firewall your employees can bypass your web filter by disconnecting their work laptop from your filtered network and connecting to their cell phone’s private Wi-Fi hotspot.
An agent-based web filter that blocks websites at the device level cannot be bypassed using this method. The software agent will cache web filtering policies locally, allowing the last known blacklist to be enforced even when your employees connect to an outside network.
Your users can use services such as PortableApps.com to install portable web browsers on a USB flash drive. This method is more difficult to detect than the other methods as the browsers can be launched directly from the removable media device without the need to visit a website or install a program on their computer.
These USB-based web browsers are configured to route their internet traffic through a proxy address that bypasses the internet filtering policies of your network.
Need a solution for blocking unwanted USB devices? Get started today with a free trial of AccessPatrol, CurrentWare’s USB device control software.
Get started today—Download the FREE template and customize it to fit the needs of your organization.
Web filters are excellent tools for preventing employees and students from accessing high-risk and inappropriate websites. Over time tech-savvy users have discovered increasingly complex and creative ways to bypass local security policies.
To protect against this trend, restriction-based policies must be combined with computer monitoring and administrative safeguards. Network administrators can further bolster the integrity of their filtering policies by including the use of agent-based web filters that enforce website blacklists when users are off the main network.
Cookie | Duration | Description |
---|---|---|
__cfruid | session | Cloudflare sets this cookie to identify trusted web traffic. |
cookielawinfo-checkbox-advertisement | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category . |
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
JSESSIONID | session | The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application. |
LS_CSRF_TOKEN | session | Cloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed. |
OptanonConsent | 1 year | OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category. |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
Cookie | Duration | Description |
---|---|---|
__cf_bm | 30 minutes | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. |
_zcsr_tmp | session | Zoho sets this cookie for the login function on the website. |
Cookie | Duration | Description |
---|---|---|
_calendly_session | 21 days | Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar. |
_gaexp | 2 months 11 days 7 hours 3 minutes | Google Analytics installs this cookie to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in. |
Cookie | Duration | Description |
---|---|---|
_ga | 2 years | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. |
_ga_GY6RPLBZG0 | 2 years | This cookie is installed by Google Analytics. |
_gcl_au | 3 months | Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services. |
_gid | 1 day | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. |
CONSENT | 2 years | YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data. |
Cookie | Duration | Description |
---|---|---|
_opt_expid | past | Set by Google Analytics, this cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected. |
IDE | 1 year 24 days | Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile. |
NID | 6 months | NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads. |
test_cookie | 15 minutes | The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies. |
VISITOR_INFO1_LIVE | 5 months 27 days | A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface. |
YSC | session | YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages. |
yt-remote-connected-devices | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt-remote-device-id | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt.innertube::nextId | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
yt.innertube::requests | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
Cookie | Duration | Description |
---|---|---|
_dc_gtm_UA-6494714-6 | 1 minute | No description |
_gaexp_rc | past | No description available. |
34f6831605 | session | No description |
383aeadb58 | session | No description available. |
663a60c55d | session | No description available. |
6e4b8efee4 | session | No description available. |
c72887300d | session | No description available. |
cookielawinfo-checkbox-tracking | 1 year | No description |
crmcsr | session | No description available. |
currentware-_zldp | 2 years | No description |
currentware-_zldt | 1 day | No description |
et_pb_ab_view_page_26104 | session | No description |
gaclientid | 1 month | No description |
gclid | 1 month | No description |
handl_ip | 1 month | No description available. |
handl_landing_page | 1 month | No description available. |
handl_original_ref | 1 month | No description available. |
handl_ref | 1 month | No description available. |
handl_ref_domain | 1 month | No description |
handl_url | 1 month | No description available. |
handl_url_base | 1 month | No description |
handlID | 1 month | No description |
HandLtestDomainName | session | No description |
HandLtestDomainNameServer | 1 day | No description |
isiframeenabled | 1 day | No description available. |
m | 2 years | No description available. |
nitroCachedPage | session | No description |
organic_source | 1 month | No description |
organic_source_str | 1 month | No description |
traffic_source | 1 month | No description available. |
uesign | 1 month | No description |
user_agent | 1 month | No description available. |
ZCAMPAIGN_CSRF_TOKEN | session | No description available. |
zld685336000000002056state | 5 minutes | No description |