Solved

Users bypassing bluecoat proxy

Posted on 2013-06-25
8
6,548 Views
Last Modified: 2016-11-28
I have bluecoat proxy in my network and users are bypassing the proxy by using hotspot shield or ultrasurf and other these kind of softwares. How i can stop them to bypass bluecoat proxy?
0
Comment
Question by:Muhammad_Ashfaq
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 39276787
It's a never ending game of cat and mouse
http://community.spiceworks.com/topic/277623-best-way-to-block-hotspot-shield-and-other-unwanted-proxy-vpn-style-software

Start by limiting DNS leaving the wan and force your own servers. Then you can block sites. Unless you have a meraki or some other layer 7 appliance...
0
 
LVL 63

Assisted Solution

by:btan
btan earned 250 total points
ID: 39276959
No fullproof way unless the machine is lockdown and control but can has ripple effect...there is but it is far easier to alter his machine other wise it involves forcing all router traffic through praxy and tacacs server using radius to lock it all down and even then if he is determined it's possible to get a few packets through before clamping happens setting up the vpn anyway..
change his account abilities add ccproxy to his machine and use a good monitoring program

Ideally blocking of udp outbound may seems ok but there are other possible http proxy as well and of course should be block to reach in first place. I even seen some doing the ssl proxy to break and block those traffic request outbound. The key is to make sure traffic go through your proxy first.
0
 
LVL 63

Expert Comment

by:btan
ID: 39276965
Also proxy setting lockdown is enforced in managed client machine together with application control and no admin rights.  Even to single out only using specific browser only.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39277668
Use WCCP to force them through the proxy, block outgoing destination ports for the user subnets so they can't use services on non-standard ports or vpn services.
Most importantly have a policy that they are aware of that tells them they can be disciplined for for such actions.
-rich
0
 
LVL 17

Expert Comment

by:surbabu140977
ID: 39277955
We have disabled users from installing softwares in our domain. That does the trick. If windows group policy is properly designed, users can only do what you want. They cannot even change proxy ip in Internet explorer.

Windows domain has enough power to stop users, only we never learn/implement it properly.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
ID: 39277999
Removal of rights aren't enough, our users can RDP home or use a HTTPS VPN to bypass unless we block at the network level, and force the use of the proxy. Users can still "install" firefox on their desktop w/o admin rights, the only limitation is they can't install to C:\program files or set FF as the default browser, same for Chrome, so they can fully bypass the proxy if they want to. There are "Portable" exe's  users can DL that don't even go through an MSI or other process if they want. You have to block at the network level, or force them through the proxy in some way.
-rich
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 39278173
You can't block everything. Deal the the root issue: why are people installing something to bypass your proxy?
0
 

Expert Comment

by:Prince Dhiman
ID: 41904662
If you machine as installed bluecoat agent. You can disable bluecoat agent temporarily using below in cmd (runas administrator) if you have admin rights.

Run cmd as administrator
Net stop bcua-wfp                  [this service may not be visible in services.msc]
taskkill /im bcua-service.exe /f

after you can see the service status as down.


To start the service:
net start bcua-wfp
net start bcua
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question