Proxy Anonymiser problems: Hotspot Shield

We have just discovered that Hotspot Shield is being used by some users in our organisation to bypass our internet security servers to access websites which are on our web security host's 'blocked website' policy.

I understand that Hotspot Shield is commonly and legitimately used to provide anonymous web browsing by people who use laptops etc. in unsecured WiFi hotspots - but we need to stop this program from being installed and used on our remote PCs.  The Hotspot Shield program is installed via a downloadable executable .exe file.

Is there any way to edit a local PC's registry to stop a user running and installing such .exe based packages which give rise to a fully operational 'Hotspot Shield' application capable of acting as an unauthorised proxy server to access blocked internet sites?
Asked by: WJENorris

arnold commented:
One thing you can do is set a GPO that disallows the running of this application.

Presumably all your remote users are administrators of the laptops.

You could limit the running of common install, msiexec, etc. but that would mean that a user would not be able to run any install.

But having admin rights, a knowledgeable person would be able to bypass it the same way.

One option on your LAN is to deny the destination to which Hotspot Shield connects.

Do you have an enterprise class of anti-virus?  Some have user control functions that will prevent installation of unauthorized applications or prevent their running.

btan (Exec Consultant) commented:
Don't think there is a sure-win means if HIPS or lockdown using AppLocker or software restriction policies is easily bypassed using the most privileged account. Some even use a 3G or 4G dongle to skip the enterprise proxy etc.

Points to consider:

Block all egress ports except those that need out - Block unnecessary traffic if we are certain it makes callbacks to certain destination IP servers, but that is not a sure fix...

Direct all DNS requests through your own DNS servers, not ISPs - control DNS lookups for domains where you don't want traffic. Some subscribe to OpenDNS.

Content/Anti-virus filtering via transparent proxy - using a transparent proxy removes the need to touch any users' machines. It takes a little time to tweak the nuances. Some stated it is flagged as 'malware'.

Maybe overall we have to assume.... It may be easier to just block IP addresses of VPN servers as you find them. Of course, block ports that are obvious too (1754 is OpenVPN typically, IIRC)...but some just tunnel through known ports like Tor Browser, so not foolproof.
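
An added example, not part of the original answers: before enforcing the first two points above (egress port allowlist, DNS only through your own servers), firewall logs can be audited to see which clients already break the policy. The log format, addresses, proxy and resolver IPs and the allowed-port set are all constructed assumptions.

```python
import csv
import io
import ipaddress

# Policy values below are assumptions constructed for this example.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
RESOLVERS = {"10.0.0.53"}        # your own DNS servers
PROXIES = {"10.0.0.80"}          # the only hosts allowed out on 80/443
WEB_PORTS = {("tcp", 80), ("tcp", 443)}
OTHER_ALLOWED = {("udp", 123)}   # further egress ports that "need out"

# Constructed firewall log: time,src,dst,proto,dport
SAMPLE_LOG = """\
2024-01-01T09:00:01,10.0.5.20,10.0.0.53,udp,53
2024-01-01T09:00:02,10.0.5.20,10.0.0.80,tcp,8080
2024-01-01T09:00:03,10.0.5.31,198.51.100.7,udp,53
2024-01-01T09:00:04,10.0.5.31,203.0.113.9,tcp,443
2024-01-01T09:00:05,10.0.5.44,203.0.113.9,udp,5555
2024-01-01T09:00:06,10.0.0.53,198.51.100.7,udp,53
2024-01-01T09:00:07,10.0.0.80,203.0.113.9,tcp,443
"""

def classify(src, dst, proto, dport):
    """Return a violation label for one flow, or None if policy allows it."""
    if ipaddress.ip_address(src) not in INTERNAL_NET:
        return None                       # only audit internal clients
    if dport == 53:                       # DNS must go via our resolvers
        ok = dst in RESOLVERS or src in RESOLVERS
        return None if ok else "dns-bypass"
    if ipaddress.ip_address(dst) in INTERNAL_NET:
        return None                       # internal traffic is out of scope
    if (proto, dport) in WEB_PORTS:       # web traffic must use the proxy
        return None if src in PROXIES else "direct-web"
    return None if (proto, dport) in OTHER_ALLOWED else "unapproved-port"

def audit(log_text):
    """Map each offending client IP to the sorted list of its violations."""
    findings = {}
    for _time, src, dst, proto, dport in csv.reader(io.StringIO(log_text)):
        label = classify(src, dst, proto.lower(), int(dport))
        if label:
            findings.setdefault(src, set()).add(label)
    return {host: sorted(labels) for host, labels in findings.items()}

if __name__ == "__main__":
    for host, labels in audit(SAMPLE_LOG).items():
        print(host, ", ".join(labels))
```

Clients listed by `audit` are the ones a default-deny egress rule would cut off, so they are worth checking for tunnelling software before the rule goes live.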