I posted this question last week but it disappeared, sorry if you've already read this...
We are using Barracuda Web Filter as a proxy server and use group policy to point users at it and to not allow them to change the proxy settings. We've been using it for a few months and it's working well. HOWEVER, reviewing the web logs, there is one user whose use has changed in the last couple weeks. Now, instead of the typical surfing, the only things that show up in the web log are random addresses, as if there were a few applications that are just going out for a couple requests. And that's all that is recorded for him. Given his position, I know he has to at least be visiting other sites for work purposes, but nothing has shown up for a few weeks besides these few random addresses (I think they might have to do with certificates - I've seen the addresses a couple times for other people as well).
Anyway, my question is, how could I tell if he is in some way getting around our proxy? I've been googling it and have found a lot of instructions on creating an ssh tunnel or remoting in to a home computer and using the internet through that one, but I haven't found anything about how to see if someone else is doing this AND how to prevent it.
Can anyone help me? Thanks in advance.
(I don't know why it would matter but he has Vista)
We are using Barracuda Web Filter as a proxy server and use group policy to point users at it and to not allow them to change the proxy settings. We've been using it for a few months and it's working well. HOWEVER, reviewing the web logs, there is one user whose use has changed in the last couple weeks. Now, instead of the typical surfing, the only things that show up in the web log are random addresses, as if there were a few applications that are just going out for a couple requests. And that's all that is recorded for him. Given his position, I know he has to at least be visiting other sites for work purposes, but nothing has shown up for a few weeks besides these few random addresses (I think they might have to do with certificates - I've seen the addresses a couple times for other people as well).
Anyway, my question is, how could I tell if he is in some way getting around our proxy? I've been googling it and have found a lot of instructions on creating an ssh tunnel or remoting in to a home computer and using the internet through that one, but I haven't found anything about how to see if someone else is doing this AND how to prevent it.
Can anyone help me? Thanks in advance.
(I don't know why it would matter but he has Vista)