Solved

Proxy Anonymiser problems: Hotspot Shield

Posted on 2013-10-22
Last Modified: 2014-01-10
We have just discovered that Hotspot Shield is being used by some users in our organisation to bypass our internet security servers to access websites which are on our web security host's 'blocked website' policy.

I understand that Hotspot Shield is commonly and legitimately used to provide anonymous web browsing by people who use laptops etc. in unsecured WiFi hotspots - but we need to stop this program from being installed and used on our remote PCs. The Hotspot Shield program is installed via a downloadable executable .exe file.

Is there any way to edit a local PC's registry to stop a user running and installing such .exe-based packages, which give rise to a fully operational 'Hotspot Shield' application capable of acting as an unauthorised proxy server to access blocked internet sites?
Question by:WJENorris
2 Comments
 
LVL 82

Assisted Solution

by:arnold
arnold earned 750 total points
ID: 39593172
One thing you can do is set a GPO that disallows the running of this application.

Presumably all your remote users are administrators of the laptops.

You could limit the running of common install, msiexec, etc., but that would mean that a user would not be able to run any install.

But having admin rights, a knowledgeable person could be able to bypass it the same way.

One option on your LAN is to deny the destination to which Hotspot Shield connects.

Do you have an enterprise class of anti-virus? Some have user control functions that will prevent installation of unauthorized applications or prevent their running.
 
LVL 66

Accepted Solution

by:
btan earned 750 total points
ID: 39593576
I don't think there is a sure-win means if HIPS or a lockdown using AppLocker or Software Restriction Policies is easily bypassed using the most privileged account. Some even use a 3G or 4G dongle to skip the enterprise proxy etc.

Points to consider:

Block all egress ports except those that need out - Block unnecessary traffic if we are certain it makes callbacks to certain destination IP servers, but that is not a sure fix...

Direct all DNS requests through your own DNS servers, not ISPs - control DNS lookups for domains where you don't want traffic. Some subscribe to OpenDNS.

Content/Anti-virus filtering via transparent proxy - using a transparent proxy removes the need to touch any users' machines. It takes a little time to tweak the nuances. Some stated it is flagged as 'malware'.

Maybe overall we have to assume.... It may be easier to just block IP addresses of VPN servers as you find them. Of course, block ports that are obvious too (1754 is OpenVPN typically, IIRC)...but some just tunnel through known ports like Tor Browser, so not foolproof.
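
The egress and DNS points above can be checked against firewall logs to see which clients are getting around the proxy. The following is an added example, not part of the original answers: it audits a constructed log for clients that query external DNS servers, send web traffic directly instead of through the proxy, or use ports outside an egress allowlist. The address range, exempt hosts, allowed ports, log layout and the explicit (non-transparent) proxy are all assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed for this example: address plan, exempt hosts, ports and log layout.
INTERNAL_NET = ip_network("10.1.0.0/16")
EXEMPT_SOURCES = {ip_address("10.1.0.53"), ip_address("10.1.0.80")}  # DNS, web proxy
ALLOWED_EGRESS_PORTS = {25, 123}  # ports clients may use straight to the internet

SAMPLE_LOG = """\
2013-10-22T09:14:03 ALLOW src=10.1.4.23 dst=10.1.0.53 proto=udp dport=53
2013-10-22T09:15:10 ALLOW src=10.1.4.77 dst=198.51.100.9 proto=udp dport=53
2013-10-22T09:15:11 ALLOW src=10.1.4.77 dst=203.0.113.40 proto=tcp dport=443
2013-10-22T09:15:12 DENY src=10.1.4.90 dst=203.0.113.41 proto=udp dport=1194
2013-10-22T09:16:00 ALLOW src=10.1.4.23 dst=192.0.2.25 proto=tcp dport=25
malformed line that the parser must skip
"""

LINE_RE = re.compile(r"^\S+ (ALLOW|DENY) src=(\S+) dst=(\S+) proto=(?:tcp|udp) dport=(\d+)$")

def classify(src, dst, dport):
    """Return a finding label for one flow, or None if it complies with policy."""
    if src in EXEMPT_SOURCES or src not in INTERNAL_NET or dst in INTERNAL_NET:
        return None  # only client-to-internet flows are audited
    if dport == 53:
        return "external-dns"  # lookup that skipped the internal resolver
    if dport in (80, 443):
        return "web-bypassing-proxy"  # web traffic that skipped the filtering proxy
    return None if dport in ALLOWED_EGRESS_PORTS else "unapproved-egress-port"

def audit(log_text):
    """Map client IP -> sorted (finding, firewall action) pairs seen in the log."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the expected layout
        action, src, dst, dport = m.groups()
        try:
            label = classify(ip_address(src), ip_address(dst), int(dport))
        except ValueError:
            continue  # skip lines with an unparsable address
        if label:
            findings[src].add((label, action))
    return {host: sorted(pairs) for host, pairs in findings.items()}

if __name__ == "__main__":
    for host, pairs in sorted(audit(SAMPLE_LOG).items()):
        print(host, pairs)
```

A finding with action ALLOW marks a gap in the egress rules; one with DENY marks an attempt the firewall already stopped.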
Question has a verified solution.