Skip to main content

This section of the ISM provides guidance on web proxies.

Web usage policy

If organisations allow users to access the web they should define the extent of access that is granted. This can be achieved through a web usage policy and education of users.

Security Control: 0258; Revision: 3; Updated: Aug-19; Applicability: O, P, S, TS
A web usage policy is developed and implemented.

Using web proxies

Web proxies are a key component in enforcing web usage policies and preventing cyber security incidents.

Security Control: 0260; Revision: 2; Updated: Sep-18; Applicability: O, P, S, TS
All web access, including that by internal servers, is conducted through a web proxy.

Web proxy authentication and logging

Thorough web proxy logs are a valuable asset when responding to cyber security incidents and user violation of web usage policies.

Security Control: 0261; Revision: 4; Updated: Sep-18; Applicability: O, P, S, TS
A web proxy authenticates users and provides logging that includes the following details about websites accessed:

  • address (uniform resource locator)
  • time/date
  • user
  • amount of data uploaded and downloaded
  • internal and external IP addresses.