Solved

Proxy Anonymiser problems: Hotspot Shield

Posted on 2013-10-22
Last Modified: 2014-01-10
We have just discovered that Hotspot Shield is being used by some users in our organisation to bypass our internet security servers to access websites which are on our web security host's 'blocked website' policy.

I understand that Hotspot Shield is commonly and legitimately used to provide anonymous web browsing by people who use laptops etc. in unsecured WiFi hotspots - but we need to stop this program from being installed and used on our remote PCs. The Hotspot Shield program is installed via a downloadable executable .exe file.

Is there any way to edit a local PC's registry to stop a user running and installing such .exe based packages which give rise to a fully operational 'Hotspot Shield' application capable of acting as an unauthorised proxy server to access blocked internet sites?
Question by:WJENorris
2 Comments
 
LVL 77

Assisted Solution

by:arnold
arnold earned 250 total points
ID: 39593172
One thing you can do is set a GPO that disallows the running of this application.

Presumably all your remote users are administrators of the laptops.

You could limit the running of common installers, msiexec, etc., but that would mean that a user would not be able to run any install.

But having admin rights, a knowledgeable person could be able to bypass it the same way.

One option on your LAN is to deny the destination to which Hotspot Shield connects.

Do you have an enterprise class of anti-virus? Some have user control functions that will prevent installation of unauthorized applications or prevent their running.
 
LVL 62

Accepted Solution

by:btan
btan earned 250 total points
ID: 39593576
Don't think there is a sure-win means if HIPS or lockdown using AppLocker or software restriction policies is easily bypassed using the most privileged account. Some even use a 3G or 4G dongle to skip the enterprise proxy, etc.

Points to consider:

Block all egress ports except those that need out - Block unnecessary traffic if we are certain it makes callbacks to certain destination IP servers, but that is not a sure fix...

Direct all DNS requests through your own DNS servers, not ISPs - control DNS lookups for domains where you don't want traffic. Some subscribe to OpenDNS.

Content/Anti-virus filtering via transparent proxy - using a transparent proxy removes the need to touch any users' machines. It takes a little time and tweaking of the nuances. Some stated it is flagged as 'malware'.

Maybe overall we have to assume.... It may be easier to just block IP addresses of VPN servers as you find them. Of course, block ports that are obvious too (1754 is OpenVPN typically, IIRC)... but some just tunnel through known ports like Tor Browser, so not foolproof.
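The egress and DNS points from the answer above can be checked against firewall flow logs. The following is an added example, not part of the original thread: it applies a default-deny egress allowlist plus a "DNS only via our own resolvers" rule to constructed flow records. The network range, resolver address, allowlist and log format are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed policy values (hypothetical, not from the thread).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
CORP_RESOLVERS = {"10.0.0.53"}            # only these hosts may query external DNS
ALLOWED_EGRESS = {("tcp", 80), ("tcp", 443)}

# Constructed flow records, one per line: src dst proto dport
SAMPLE_FLOWS = """\
10.1.2.15 10.0.0.53 udp 53
10.1.2.15 203.0.113.50 tcp 80
10.1.2.44 198.51.100.7 udp 53
10.1.2.44 203.0.113.20 udp 1754
10.0.0.53 192.0.2.1 udp 53
10.1.2.60 203.0.113.20 tcp 443
"""

def classify(src, dst, proto, dport):
    """Return 'allow' or a 'deny: <reason>' string for one flow."""
    if ipaddress.ip_address(dst) in INTERNAL_NET:
        return "allow"                    # internal traffic is not egress
    if dport == 53:                       # DNS must go through corporate resolvers
        if src in CORP_RESOLVERS:
            return "allow"
        return "deny: DNS sent to external resolver"
    if (proto, dport) in ALLOWED_EGRESS:
        # A tunnel on an allowed port passes here; this is the gap that
        # the proxy/content-filtering point in the answer has to cover.
        return "allow"
    return "deny: port not on egress allowlist"

def audit(flow_text):
    """Map each offending client to the list of policy violations seen."""
    findings = defaultdict(list)
    for line in flow_text.splitlines():
        src, dst, proto, dport = line.split()
        verdict = classify(src, dst, proto, int(dport))
        if verdict != "allow":
            findings[src].append((dst, proto, int(dport), verdict))
    return dict(findings)

if __name__ == "__main__":
    for client, hits in audit(SAMPLE_FLOWS).items():
        for dst, proto, dport, verdict in hits:
            print(f"{client} -> {dst} {proto}/{dport}: {verdict}")
```

The last sample flow (tcp/443 from a client) is allowed by the port rule alone, which is why the answer pairs port blocking with DNS control and proxy filtering.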