Solved

Users bypassing bluecoat proxy

Posted on 2013-06-25
8
6,033 Views
Last Modified: 2016-11-28
I have bluecoat proxy in my network and users are bypassing the proxy by using hotspot shield or ultrasurf and other these kind of softwares. How i can stop them to bypass bluecoat proxy?
0
Comment
Question by:Muhammad_Ashfaq
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 38

Expert Comment

by:Aaron Tomosky
Comment Utility
It's a never ending game of cat and mouse
http://community.spiceworks.com/topic/277623-best-way-to-block-hotspot-shield-and-other-unwanted-proxy-vpn-style-software

Start by limiting DNS leaving the wan and force your own servers. Then you can block sites. Unless you have a meraki or some other layer 7 appliance...
0
 
LVL 61

Assisted Solution

by:btan
btan earned 250 total points
Comment Utility
No fullproof way unless the machine is lockdown and control but can has ripple effect...there is but it is far easier to alter his machine other wise it involves forcing all router traffic through praxy and tacacs server using radius to lock it all down and even then if he is determined it's possible to get a few packets through before clamping happens setting up the vpn anyway..
change his account abilities add ccproxy to his machine and use a good monitoring program

Ideally blocking of udp outbound may seems ok but there are other possible http proxy as well and of course should be block to reach in first place. I even seen some doing the ssl proxy to break and block those traffic request outbound. The key is to make sure traffic go through your proxy first.
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
Also proxy setting lockdown is enforced in managed client machine together with application control and no admin rights.  Even to single out only using specific browser only.
0
 
LVL 38

Expert Comment

by:Rich Rumble
Comment Utility
Use WCCP to force them through the proxy, block outgoing destination ports for the user subnets so they can't use services on non-standard ports or vpn services.
Most importantly have a policy that they are aware of that tells them they can be disciplined for for such actions.
-rich
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 17

Expert Comment

by:surbabu140977
Comment Utility
We have disabled users from installing softwares in our domain. That does the trick. If windows group policy is properly designed, users can only do what you want. They cannot even change proxy ip in Internet explorer.

Windows domain has enough power to stop users, only we never learn/implement it properly.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
Comment Utility
Removal of rights aren't enough, our users can RDP home or use a HTTPS VPN to bypass unless we block at the network level, and force the use of the proxy. Users can still "install" firefox on their desktop w/o admin rights, the only limitation is they can't install to C:\program files or set FF as the default browser, same for Chrome, so they can fully bypass the proxy if they want to. There are "Portable" exe's  users can DL that don't even go through an MSI or other process if they want. You have to block at the network level, or force them through the proxy in some way.
-rich
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
Comment Utility
You can't block everything. Deal the the root issue: why are people installing something to bypass your proxy?
0
 

Expert Comment

by:Prince Dhiman
Comment Utility
If you machine as installed bluecoat agent. You can disable bluecoat agent temporarily using below in cmd (runas administrator) if you have admin rights.

Run cmd as administrator
Net stop bcua-wfp                  [this service may not be visible in services.msc]
taskkill /im bcua-service.exe /f

after you can see the service status as down.


To start the service:
net start bcua-wfp
net start bcua
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now