How to Stop the Use of Anonymizer Websites on Your Network With SolarWinds Security Event Manager


One of the ways some of your more tech-savvy end-users will circumvent your security policies is by using anonymizer websites. These are sites that basically just skip through your content filters and all your organizational policies and basically proxy all the communications out to the internet and then back through to their machine. Let me show you how we’re going to take care of that with SolarWinds Security Event Manager.

So instead of actually looking at the dashboard events or nodes, I’m gonna actually jump to groups first. So let’s go to ‘Groups’ and then we’re going to change it to ‘User-defined groups’. Now, one of the groups that we ship with the product is anonymizer websites, so let’s go ahead and take a look at those. And you can see we’ve got just under 130 right now of anonymizer websites. So the user-defined group anonymizer websites really is just a list of string matches. So the beauty of that is you can add, you can delete from it, so if there are some legitimate business needs and you need to use some of these, you can always take it off the list, and if you discover new ones, you can add them to this list.

So let’s go ahead and just build a quick rule with this. So we’ll create a rule from template. We’ve already built a template for anonymous access, so you can select anonymous web traffic. So if the URL is in that list of websites, and it happens once in 30 seconds within a 5-minute window, we can do any number of things action-wise. Add users, block IPs, create accounts, kill processes, anything we really like. But for the sake of this demo, we’re just going to say that we’re going to create an incident. And then, just click ‘Create’.

Some users may try to use these anonymous websites to circumvent your security policies and this is just another way that SolarWinds Security Event Manager helps you maintain those policies in your organization.

Author: Kevin Mason
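
The rule described in the transcript (a string-match group checked against the URL, a threshold of one hit in 30 seconds, and an incident as the action) can be sketched outside the product as follows. This is an added example, not SolarWinds code or the rule SEM actually runs: the group entries, log format and function names are constructed, and treating the 5-minute window as "ignore events older than five minutes at evaluation time" is an assumption.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed stand-in for the user-defined group: a plain list of strings.
ANONYMIZER_GROUP = {"hidemyproxy.example", "anonsurf.example", "webproxy.test"}
THRESHOLD = 1                            # "happens once"
CORRELATION = timedelta(seconds=30)      # "... in 30 seconds"
RESPONSE_WINDOW = timedelta(minutes=5)   # assumed meaning: skip older events

# Constructed proxy log lines: timestamp, source IP, user, URL.
SAMPLE_LOG = [
    "2024-05-01T08:50:00 10.0.0.21 jdoe https://hidemyproxy.example/browse",
    "2024-05-01T09:00:05 10.0.0.21 jdoe https://hidemyproxy.example/browse",
    "2024-05-01T09:00:09 10.0.0.34 asmith https://intranet.example/wiki",
    "2024-05-01T09:00:12 10.0.0.34 asmith http://WebProxy.test:8080/go?u=x",
    "2024-05-01T09:00:20 10.0.0.40 bkim https://search.example/?q=anonsurf.example",
    "2024-05-01T09:00:30 10.0.0.55 ops https://anonsurf.example/",
]
NOW = datetime(2024, 5, 1, 9, 1, 0)      # constructed evaluation time

def matched_entry(url, group):
    """Return the group string found in the URL's host, or None (query text is not matched)."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return next((e for e in sorted(group) if e.lower() in host), None)

def detect(lines, group, now):
    """Return one incident per threshold crossing, keyed by user and source IP."""
    recent, incidents = defaultdict(deque), []
    for line in lines:
        ts_text, src_ip, user, url = line.split(maxsplit=3)
        ts = datetime.fromisoformat(ts_text)
        entry = matched_entry(url, group)
        if entry is None or now - ts > RESPONSE_WINDOW:
            continue
        hits = recent[(user, src_ip)]
        hits.append(ts)
        while ts - hits[0] > CORRELATION:   # drop hits outside the 30 s window
            hits.popleft()
        if len(hits) >= THRESHOLD:
            incidents.append({"time": ts_text, "user": user,
                              "src_ip": src_ip, "matched": entry})
            hits.clear()
    return incidents

if __name__ == "__main__":
    for incident in detect(SAMPLE_LOG, ANONYMIZER_GROUP, NOW):
        print(incident)
```

Passing `ANONYMIZER_GROUP - {"anonsurf.example"}` as the group models taking a site off the list for a legitimate business need; the `ops` line then stops producing an incident.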
