Solved

Proxy Anonomyser problems: Hotspot Shield

Posted on 2013-10-22
2
616 Views
Last Modified: 2014-01-10
We have just discovered that Hotspot Shield is being used by some users in our organisation to by pass our internet security servers to access websites which are on our web security host's 'blocked website' policy.

I understand that Hotspot Shield is commonly and legitimately used to provide anonymous web browsing by people who use laptops etc. in unsecured WiFi hotspots - but we need to stop this program from being installed and used on our remote PCs.  The Hotspot Shield program is installed via a downloadable executable .exe file.

If there any way to edit a local PCs registry to stop a user running and installing such .exe based packages which give rise to a fully operational  'Hotspot Shield' application capable of acting as an unauthorised proxy server to access blocked internet sites ?
0
Comment
Question by:WJENorris
2 Comments
 
LVL 77

Assisted Solution

by:arnold
arnold earned 250 total points
ID: 39593172
One thing you can do is set a GPO that disallow the running of this application.

Presumably all your remote users are administrators of the laptops.

you could limit the running of common install, msiexec, etc. but that would mean that a user would not be able to run any install.

But having admin rights, a knowledgeable person could be able to bypass it the same way.

One option on your LAN is deny the destination to which hotspot shield connects.

Do you have an enterprise class of anti-virus?  Some have user control functions that will prevent installation of unauthorized application or prevent their running.
0
 
LVL 63

Accepted Solution

by:
btan earned 250 total points
ID: 39593576
Don't there is a sure win means if HIPS or lockdown using applocker or software restriction policies is easily bypass using the most privileged account. Some even use 3G or 4G dongle to skip the enterprise proxy etc.

Points to consider:

Block all egress ports except those that need out - Block unnecessary traffic if we certain it make callbacks to certain dest ip servers but that is not sure fix...

Direct all DNS requests through your own DNS servers, not ISPs - control DNS lookups for domains where you don't want traffic. Some subscribe OpenDNS

Content/Anti-virus filtering via transparent proxy - using a transparent proxy removes the need to touch any users' machines. It take a little time and tweak the nuances. Some stated it is flagged as 'malware'

Maybe overall we have to assume.... It may be easier to just block IP addresses of VPN servers as you find them. Of course, block ports that are obvious too (1754 is OpenVPN typically, IIRC)...but some just tunnel through known ports like tor browser so not full proof
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question