Sophos UTM bypassed at home via Proxy

Modder man

I am trying to figure out a way to stop this from happening. I have a Sophos UTM at home to keep content safe for the kiddies. Unfortunately one of them thinks he is clever and has been using Hotspot Shield to bypass the firewall entirely. What can I do on the firewall to stop this from happening? Security is not my day job.
 

Quite simple, actually: bar the little bundle of terror from the computer/internet till he learns to follow your rules of usage. If he needs to use it for homework, tell him to go to the library; that should fix the issue.

Honestly, each family member should have their own restricted user account with their own password, and you should be the admin on the PC. And then we have some required reading:

http://windows.microsoft.com/en-ca/windows/what-can-control-parental-controls#1TC=windows-7

http://www.howtogeek.com/howto/10524/how-to-use-parental-controls-in-windows-7/

http://www.howtogeek.com/201606/completely-protect-your-windows-pc-with-microsoft-family-safety/
 
Each family member has their own machines and they leave the network at times. Not to mention I am an older brother not a parent.

I am trying to do it at the firewall level as I don't want to be responsible for all of the machines. I don't even live at home anymore, so I am trying to take the easy approach from my perspective to help my parents.
 
The hard way is advised: take the PC away, and if a PC is needed for school then the child can go to the library and use a library PC. Call it a character-building exercise.

or

http://parental-software-review.toptenreviews.com/net-nanny-review.html

as it's installed locally on the PC and would be unable to be removed by him

or

Use the MS parental controls and change the kid's account to user, and have you or your parents on as admin. A guide is below:

http://www.howtogeek.com/201606/completely-protect-your-windows-pc-with-microsoft-family-safety/

done /done
 
Sophos should have an Application Control feature, I would guess, but I am not a user so I can't say for sure. They do offer another solution for free, Sophos UG, which does specifically state that it does have application control. Another way is if you can turn on some kind of packet analyzer in Sophos, you can watch when the kiddies connect up to HotSpot Shield, and block all connections to that IP address in the firewall. Depending on how many servers they have, you might have to do it a few times. Those are some of the free approaches.

Edit-- I just found a list of all the ports used by Hotspot shield. Just change the outbound firewall policy to block all these ports and allow the rest. Or in my case, I only allow the outbound ports that I need 80,53,443,22,123,10443, and block the rest.

HotSpot Shield ports --- 5345,5938,5245,3398,3451,5265,1755,5050,5396,10000-10010,9000,3211,15000-15010,1935,5231,800,989,995
 
How To:
1. Select Web Protection
2. Select Application Control
3. On the Network Visibility tab turn the option "On" with the switch
4. Change to Application Control tab
5. Select New Rule
6. Name the Rule
7. "Control By" change to "dynamic filter"
8. "Control these Categories" Click the folder icon
9. Window opens up. Select "VPN and Tunneling" Under "Category"
10. Change the Productivity to <=5 (High) and Risk to >=1 (Low). Click Apply
11. (Back to main screen) Beside "For" select the folder Icon and choose the network for the rule to apply to.
Optional 12a. Check the log box to track the little bugger ;)
12b. Click Save

I would suggest a rule for proxies as well.

My rules on the guest network:
Name                         Application Group
DMZ-NoFileTransfer           File Transfer
DMZ-NoProxy                  Proxy
DMZ-NOVPN                    VPN and Tunneling
DMZ-NoRemoteAccessSoftware   Remote Access
DMZ-NoNetworkMonitoring      Network Monitoring

This can also be done without the dynamic filter, but I'm sure he will find something that is not set up.

Hotspot Shield is one of the signatures in its lists.

As well, with Productivity set to <=4 (or higher) it will block all legit VPN (work) as well.
I block all on my guest network as people that come here should have no need for a VPN :D
 