
In our small organisation I have tried my best at implementing DLP by:

  1. Making sure users access all files from the server
  2. Local disks are denied access (forced to work only on network drives)
  3. Disabling mass storage
  4. Implementing IPSec to block users from communicating with any other IP except the server IP and firewall (Cyberoam)
  5. Blocking as many sites as possible in Cyberoam, like file storage sites, mail, etc.

But there are 3 major problems I have not been able to solve with the above methods:

  1. Ultrasurf
  2. Proxy sites
  3. And the biggest problem of them all: using Android phones' internet via USB mobile tethering to bypass Cyberoam.

I have spoken to Cyberoam about the above 2 problems and they are working on it. Any solutions on how to prevent the 3rd problem?

Any help on how to implement a cost effective DLP solution would really be helpful.

AlphaGoku
  • Maybe I'm missing the thrust of the question, but it seems to me that from a broad-overview standpoint the most critical issue is that employees can enable USB tethering on their phones in the first place. There are various ways you can try to make it mildly more difficult at a network level to improperly access a resource on a PC via tethering while still allowing access on the phones themselves. But ultimately your ability to combat access of sensitive info on tethered PCs primarily depends on your ability to prevent employees from using or enabling tethering on their phones at all. – mostlyinformed May 26 '16 at 04:04
  • How do you prevent users from connecting to a computer and enabling tethering? – AlphaGoku May 27 '16 at 09:06

2 Answers


Some antivirus software like Sophos can disable network bridging, which will prevent any wireless from being connected while the network cable is plugged in. We use this to stop people tethering while connected. You will need to block USB/Bluetooth at the OS to stop tethering there.

Once a user's laptop leaves the premises network you can use group policy (if Windows) to black/white list SSIDs. If you don't do this then there is nothing to stop a laptop user from going down the street to a coffee shop for the same effect.

Antitribu
  • "which will prevent any wireless from been connected while the network cable is plugged in" - phones connect to our desktops via USB tethering. "You will need to block USB/Bluetooth at the OS to stop tethering there" - I have disabled mass storage in regedit. – AlphaGoku Feb 12 '16 at 04:10
  • Tethering unfortunately isn't mass storage AFAIK; you will need to block all devices and make a whitelist to be sure. – Antitribu Feb 13 '16 at 20:21
  • It isn't practical to sit and block every possible phone right?? How do you create a whitelist? – AlphaGoku Feb 15 '16 at 16:01
  • It isn't practical or even possible to block every phone/network adapter; unfortunately the whitelisting is going to be specific to your vendor's security package. While it may be possible to do with generic group policies I'm uncertain on how to do so at a USB level, though https://technet.microsoft.com/en-us/library/cc732613(v=ws.10).aspx?tduid=(7dc68576514b60c559f30419db2d5bfd)(256380)(2459594)(TnL5HPStwNw-BsIhJlMZ6nKS2TT5F.lbVg)() may let you at the network layer. – Antitribu Feb 16 '16 at 11:19

You are trying to solve the problem with technology, when you must solve it with policy.

Have all users sign a document stating that using proxy servers or phone tethering is strictly forbidden, and anyone caught using them will be suspended or fired.

On top of that, keep a PowerShell script running at some intervals, using Get-NetAdapter to list all network adapters and looking for deviations from the IP range of your network. Notify the security team, lock the computer and change the lock screen to a message stating that a violation was detected. The view of a message appearing on a screen saying the security team is coming is enough to stop a lot of users from even thinking about breaking the rules.

On this site there's a script to block Ultrasurf on the workstation. You will need to install some pre-reqs first, but it appears to work.

ThoriumBR
  • "PowerShell script running at some intervals, using Get-NetAdapter" - will it detect deviations when connected to USB tethering or Ultrasurf? If so, any link that could help me get it done would be useful. – AlphaGoku Feb 11 '16 at 13:13
  • Also, I googled Get-NetAdapter and it says that it isn't available for Win 7 :( We use Win 7 :( – AlphaGoku Feb 11 '16 at 13:25
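An added example of the periodic check ThoriumBR describes (not the answer's own script): it walks the adapters that are up with Get-NetAdapter and Get-NetIPAddress, flags any IPv4 address outside the corporate range, writes an event for the security team, sets the logon banner and locks the session. It therefore needs Windows 8 / Server 2012 or later and administrative rights (for example as a scheduled task running as SYSTEM); the allowed subnet, the event source name and the RNDIS heuristic for tethered phones are assumptions.

```powershell
# Assumed corporate subnet(s); replace with the real range(s) of the office network.
$AllowedCidrs = @('192.168.10.0/24')
$EventSource  = 'DLP-NetCheck'   # assumed event-log source name for the security team to collect

function ConvertTo-UInt32 ([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)                     # network order -> host order
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-InCidr ([string]$Ip, [string]$Cidr) {
    $net, $bits = $Cidr -split '/'
    $mask = [uint32]([uint32]::MaxValue - ([math]::Pow(2, 32 - [int]$bits) - 1))
    ((ConvertTo-UInt32 $Ip) -band $mask) -eq ((ConvertTo-UInt32 $net) -band $mask)
}

function Get-NetworkDeviation {
    $findings = @()
    # Only adapters that are up matter: a phone plugged in without tethering has no link.
    foreach ($nic in Get-NetAdapter | Where-Object Status -eq 'Up') {
        # Heuristic (assumption): a USB-tethered Android phone usually enumerates as an RNDIS adapter.
        if ($nic.InterfaceDescription -match 'RNDIS|Remote NDIS') {
            $findings += "Tethering-class adapter is up: $($nic.Name) ($($nic.InterfaceDescription))"
        }
        $addrs = Get-NetIPAddress -InterfaceIndex $nic.InterfaceIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue
        foreach ($a in $addrs) {
            if ($a.IPAddress -like '169.254.*') { continue }          # APIPA: no route anywhere
            $inside = $false
            foreach ($c in $AllowedCidrs) { if (Test-InCidr $a.IPAddress $c) { $inside = $true } }
            if (-not $inside) { $findings += "Adapter $($nic.Name) has off-network address $($a.IPAddress)" }
        }
    }
    $findings
}

$deviations = @(Get-NetworkDeviation)
if ($deviations.Count -gt 0) {
    if (-not [System.Diagnostics.EventLog]::SourceExists($EventSource)) {
        New-EventLog -LogName Application -Source $EventSource
    }
    # Notify: the event can be forwarded to the security team with Windows Event Forwarding or a SIEM agent.
    Write-EventLog -LogName Application -Source $EventSource -EntryType Warning -EventId 4001 `
        -Message ("Network policy deviation on {0}:`n{1}" -f $env:COMPUTERNAME, ($deviations -join "`n"))
    # Show the message on the next unlock/logon screen, then lock the session.
    $pol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    Set-ItemProperty -Path $pol -Name LegalNoticeCaption -Value 'Security policy violation'
    Set-ItemProperty -Path $pol -Name LegalNoticeText    -Value 'An unauthorised network connection was detected. The security team has been notified.'
    rundll32.exe 'user32.dll,LockWorkStation'
}
```

The address check catches a tethered phone because the carrier hands the PC an address outside the office range; the RNDIS check is only a second signal, since an adapter name is easy to change.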