Solved

Proxy Anonymiser problems: Hotspot Shield

Posted on 2013-10-22
Last Modified: 2014-01-10
We have just discovered that Hotspot Shield is being used by some users in our organisation to bypass our internet security servers to access websites which are on our web security host's 'blocked website' policy.

I understand that Hotspot Shield is commonly and legitimately used to provide anonymous web browsing by people who use laptops etc. in unsecured WiFi hotspots - but we need to stop this program from being installed and used on our remote PCs. The Hotspot Shield program is installed via a downloadable executable .exe file.

Is there any way to edit a local PC's registry to stop a user running and installing such .exe based packages which give rise to a fully operational 'Hotspot Shield' application capable of acting as an unauthorised proxy server to access blocked internet sites?
Question by:WJENorris

Assisted Solution

by:arnold
One thing you can do is set a GPO that disallows the running of this application.

Presumably all your remote users are administrators of the laptops.

You could limit the running of common install, msiexec, etc. but that would mean that a user would not be able to run any install.

But having admin rights, a knowledgeable person could bypass it the same way.

One option on your LAN is to deny the destination to which Hotspot Shield connects.

Do you have an enterprise class of anti-virus? Some have user control functions that will prevent installation of unauthorized applications or prevent their running.

Accepted Solution

by:btan
Don't think there is a sure-win means if HIPS or lockdown using AppLocker or Software Restriction Policies is easily bypassed using the most privileged account. Some even use a 3G or 4G dongle to skip the enterprise proxy etc.

Points to consider:

Block all egress ports except those that need out - Block unnecessary traffic if we are certain it makes callbacks to certain destination IP servers, but that is not a sure fix...

Direct all DNS requests through your own DNS servers, not ISPs - control DNS lookups for domains where you don't want traffic. Some subscribe to OpenDNS.

Content/Anti-virus filtering via transparent proxy - using a transparent proxy removes the need to touch any users' machines. It takes a little time to tweak the nuances. Some stated it is flagged as 'malware'.

Maybe overall we have to assume.... It may be easier to just block IP addresses of VPN servers as you find them. Of course, block ports that are obvious too (1754 is OpenVPN typically, IIRC)...but some just tunnel through known ports like Tor Browser, so not foolproof.
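
The egress and DNS points above can be checked against firewall logs once the rules are in place. The following is an added example, not part of the original thread; the log format, LAN range, resolver addresses and allowed ports are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed policy values (hypothetical, not from the original thread).
LAN = ipaddress.ip_network("10.1.0.0/16")
DNS_SERVERS = {"10.1.0.10", "10.1.0.11"}      # the organisation's own resolvers
ALLOWED_EGRESS = {("tcp", 80), ("tcp", 443)}  # the only ports that "need out"

# Constructed sample firewall log lines (not real traffic).
SAMPLE_LOG = """\
2013-10-22T09:14:03 src=10.1.4.23 dst=10.1.0.10 proto=udp dport=53
2013-10-22T09:14:05 src=10.1.4.23 dst=203.0.113.80 proto=tcp dport=443
2013-10-22T09:15:41 src=10.1.7.8 dst=198.51.100.53 proto=udp dport=53
2013-10-22T09:15:42 src=10.1.7.8 dst=198.51.100.7 proto=tcp dport=8443
2013-10-22T09:16:10 src=10.1.7.8 dst=198.51.100.7 proto=tcp dport=8443
malformed line that the parser must skip
2013-10-22T09:17:00 src=10.1.9.2 dst=10.1.0.11 proto=tcp dport=53
"""

LINE_RE = re.compile(r"^\S+ src=(\S+) dst=(\S+) proto=(\w+) dport=(\d+)$")

def classify(src, dst, proto, dport):
    """Return a violation label for one flow, or None if it fits the policy."""
    if ipaddress.ip_address(src) not in LAN:
        return None                      # only judge our own clients
    if dport == 53:                      # DNS must go to our resolvers only
        return None if dst in DNS_SERVERS else "dns-bypass"
    if ipaddress.ip_address(dst) in LAN:
        return None                      # internal traffic is out of scope
    return None if (proto, dport) in ALLOWED_EGRESS else "egress-port"

def audit(log_text):
    """Count policy violations per client IP; skip unparseable lines."""
    findings = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        src, dst, proto, dport = m.groups()
        try:
            label = classify(src, dst, proto, int(dport))
        except ValueError:               # field was not a valid IP address
            continue
        if label:
            findings[src][label] += 1
    return {src: dict(counts) for src, counts in findings.items()}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

A tunnel carried over an allowed port such as 443 passes this check, which is the limitation the answer above notes for port-based blocking.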