Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 9266
  • Last Modified:

Users bypassing bluecoat proxy

I have bluecoat proxy in my network and users are bypassing the proxy by using hotspot shield or ultrasurf and other these kind of softwares. How i can stop them to bypass bluecoat proxy?
0
Muhammad_Ashfaq
Asked:
Muhammad_Ashfaq
  • 2
  • 2
  • 2
  • +2
2 Solutions
 
Aaron TomoskySD-WAN SimplifiedCommented:
It's a never ending game of cat and mouse
http://community.spiceworks.com/topic/277623-best-way-to-block-hotspot-shield-and-other-unwanted-proxy-vpn-style-software

Start by limiting DNS leaving the wan and force your own servers. Then you can block sites. Unless you have a meraki or some other layer 7 appliance...
0
 
btanExec ConsultantCommented:
No fullproof way unless the machine is lockdown and control but can has ripple effect...there is but it is far easier to alter his machine other wise it involves forcing all router traffic through praxy and tacacs server using radius to lock it all down and even then if he is determined it's possible to get a few packets through before clamping happens setting up the vpn anyway..
change his account abilities add ccproxy to his machine and use a good monitoring program

Ideally blocking of udp outbound may seems ok but there are other possible http proxy as well and of course should be block to reach in first place. I even seen some doing the ssl proxy to break and block those traffic request outbound. The key is to make sure traffic go through your proxy first.
0
 
btanExec ConsultantCommented:
Also proxy setting lockdown is enforced in managed client machine together with application control and no admin rights.  Even to single out only using specific browser only.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
Rich RumbleSecurity SamuraiCommented:
Use WCCP to force them through the proxy, block outgoing destination ports for the user subnets so they can't use services on non-standard ports or vpn services.
Most importantly have a policy that they are aware of that tells them they can be disciplined for for such actions.
-rich
0
 
surbabu140977Commented:
We have disabled users from installing softwares in our domain. That does the trick. If windows group policy is properly designed, users can only do what you want. They cannot even change proxy ip in Internet explorer.

Windows domain has enough power to stop users, only we never learn/implement it properly.
0
 
Rich RumbleSecurity SamuraiCommented:
Removal of rights aren't enough, our users can RDP home or use a HTTPS VPN to bypass unless we block at the network level, and force the use of the proxy. Users can still "install" firefox on their desktop w/o admin rights, the only limitation is they can't install to C:\program files or set FF as the default browser, same for Chrome, so they can fully bypass the proxy if they want to. There are "Portable" exe's  users can DL that don't even go through an MSI or other process if they want. You have to block at the network level, or force them through the proxy in some way.
-rich
0
 
Aaron TomoskySD-WAN SimplifiedCommented:
You can't block everything. Deal the the root issue: why are people installing something to bypass your proxy?
0
 
Prince DhimanCommented:
If you machine as installed bluecoat agent. You can disable bluecoat agent temporarily using below in cmd (runas administrator) if you have admin rights.

Run cmd as administrator
Net stop bcua-wfp                  [this service may not be visible in services.msc]
taskkill /im bcua-service.exe /f

after you can see the service status as down.


To start the service:
net start bcua-wfp
net start bcua
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now