Solved

Users bypassing bluecoat proxy

Posted on 2013-06-25
8
6,351 Views
Last Modified: 2016-11-28
I have bluecoat proxy in my network and users are bypassing the proxy by using hotspot shield or ultrasurf and other these kind of softwares. How i can stop them to bypass bluecoat proxy?
0
Comment
Question by:Muhammad_Ashfaq
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 39276787
It's a never ending game of cat and mouse
http://community.spiceworks.com/topic/277623-best-way-to-block-hotspot-shield-and-other-unwanted-proxy-vpn-style-software

Start by limiting DNS leaving the wan and force your own servers. Then you can block sites. Unless you have a meraki or some other layer 7 appliance...
0
 
LVL 62

Assisted Solution

by:btan
btan earned 250 total points
ID: 39276959
No fullproof way unless the machine is lockdown and control but can has ripple effect...there is but it is far easier to alter his machine other wise it involves forcing all router traffic through praxy and tacacs server using radius to lock it all down and even then if he is determined it's possible to get a few packets through before clamping happens setting up the vpn anyway..
change his account abilities add ccproxy to his machine and use a good monitoring program

Ideally blocking of udp outbound may seems ok but there are other possible http proxy as well and of course should be block to reach in first place. I even seen some doing the ssl proxy to break and block those traffic request outbound. The key is to make sure traffic go through your proxy first.
0
 
LVL 62

Expert Comment

by:btan
ID: 39276965
Also proxy setting lockdown is enforced in managed client machine together with application control and no admin rights.  Even to single out only using specific browser only.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39277668
Use WCCP to force them through the proxy, block outgoing destination ports for the user subnets so they can't use services on non-standard ports or vpn services.
Most importantly have a policy that they are aware of that tells them they can be disciplined for for such actions.
-rich
0
 
LVL 17

Expert Comment

by:surbabu140977
ID: 39277955
We have disabled users from installing softwares in our domain. That does the trick. If windows group policy is properly designed, users can only do what you want. They cannot even change proxy ip in Internet explorer.

Windows domain has enough power to stop users, only we never learn/implement it properly.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
ID: 39277999
Removal of rights aren't enough, our users can RDP home or use a HTTPS VPN to bypass unless we block at the network level, and force the use of the proxy. Users can still "install" firefox on their desktop w/o admin rights, the only limitation is they can't install to C:\program files or set FF as the default browser, same for Chrome, so they can fully bypass the proxy if they want to. There are "Portable" exe's  users can DL that don't even go through an MSI or other process if they want. You have to block at the network level, or force them through the proxy in some way.
-rich
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 39278173
You can't block everything. Deal the the root issue: why are people installing something to bypass your proxy?
0
 

Expert Comment

by:Prince Dhiman
ID: 41904662
If you machine as installed bluecoat agent. You can disable bluecoat agent temporarily using below in cmd (runas administrator) if you have admin rights.

Run cmd as administrator
Net stop bcua-wfp                  [this service may not be visible in services.msc]
taskkill /im bcua-service.exe /f

after you can see the service status as down.


To start the service:
net start bcua-wfp
net start bcua
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question