An organization has discovered that users are visiting unauthorized websites using anonymous proxies. Which of the following is the BEST way to prevent future occurrences?
A. Remove the anonymity from the proxy
B. Analyze Internet Protocol (IP) traffic for proxy requests
C. Disable the proxy server on the firewall
D. Block the Internet Protocol (IP) address of known anonymous proxies
B and D are correct, however users could be using unknown anonymous proxies or spin up their own, D wouldn’t prevent it. B looks better to me.
Section I: Detecting Known Proxies
If you know something is a proxy, you can block it with a blacklist. This can be a lot of work to
keep up. One possibility is to make use of proxy advertisement sites to update your blacklist for you.
https://www.sans.org/reading-room/whitepapers/detection/detecting-preventing-anonymous-proxy-usage-32943
D
would not say most, but would definitely say they need to review their grading measures
Most of the answers given are incorrect
Hey VCEGuide,
Why in the world would you pick C for this question?????
You are misleading us!
Again!
D is definitely the answer here… The organization in question does not own the proxy in question, how are they to disable it? So they block the port! I’ve a simple port rotation can resolve that issue especially if the first jump point is your own before getting to the actual proxy.
D is the right one. You may think to block port 3128 or 8080 from the firewall, but this not solve the problem. Another proxy can use another port.
You can not block all the anonymous proxies. You can filter the traffic from the gateway and try yo identify the proxies ips.