
I am using a proxy server for my environment deployed on premises for internal hosts and on the cloud from BYOD. When a user takes their device off the premises, the proxy changes to an external proxy address. However, I am concerned that if a machine is compromised with malware and gets admin privileges, it might change proxy settings which will bypass my proxy.

How do I prevent the end user from changing proxy settings, even with admin privileges?

I am looking for a way to harden proxy settings on the network stack so that the end user cannot overwrite them.

  • Admin can do anything. So I'm not sure there is a way to control this. – schroeder Jan 23 '19 at 08:36
  • Why is bypassing your proxy a problem? What harm will occur? What are you trying to prevent? – schroeder Jan 23 '19 at 08:39
  • If a machine is compromised, the malware will bypass network policies created on the proxy and allow connections to sites that are blocked by the proxy. – Hammad Qureshi Jan 23 '19 at 08:44
  • Right, ok, but if malware gets admin access and is able to do this, is accessing blocked sites the important problem? It's already "game over" even if the malware cannot access the sites it wants to. – schroeder Jan 23 '19 at 08:47
  • Thanks for replying. I agree, it's game over once malware escalates privileges; however, regardless of what privileges the machine is working on, I want all the traffic to go through the proxy. I am looking for a solution to harden proxy settings at the network stack level of the OS. – Hammad Qureshi Jan 23 '19 at 08:54
  • If you can change a setting, then admin can change the setting again. I'm really not sure that what you want is possible. – schroeder Jan 23 '19 at 08:59
  • @HammadQureshi: just block any network connection to the outside which does not go over the proxy. Then no other proxy or direct connection can be used. This can be done with a firewall. – Steffen Ullrich Jan 23 '19 at 10:06
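
The egress rule suggested in the last comment, modelled as an added example (not code from the thread or its participants): a default-deny perimeter decision in which only the proxy may reach the outside, run over constructed flow records. The proxy address `10.0.0.10:3128`, the internal ranges and the function names are assumptions for illustration, and the model covers the on-premises perimeter only.

```python
import ipaddress

# Assumed values for illustration; neither appears in the original thread.
PROXY = (ipaddress.ip_address("10.0.0.10"), 3128)  # hypothetical internal proxy
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def egress_verdict(src, dst, dport):
    """Decision a default-deny perimeter firewall makes for one outbound flow."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src == PROXY[0]:
        return "allow"   # only the proxy host itself may reach the outside
    if (dst, dport) == PROXY:
        return "allow"   # client talking to the proxy
    if any(dst in net for net in INTERNAL):
        return "allow"   # internal traffic is not egress (separate policy)
    return "deny"        # direct connection, or a proxy other than ours


def bypass_attempts(flows):
    """Flows the firewall drops: candidates for a changed proxy setting."""
    return [f for f in flows if egress_verdict(*f) == "deny"]


# Constructed sample flows: (source, destination, destination port)
FLOWS = [
    ("10.0.5.21", "10.0.0.10", 3128),     # browser using the configured proxy
    ("10.0.5.21", "203.0.113.7", 443),    # direct HTTPS, proxy setting removed
    ("10.0.5.21", "198.51.100.9", 8080),  # proxy setting pointed elsewhere
    ("10.0.0.10", "203.0.113.7", 443),    # proxy fetching on a client's behalf
    ("10.0.5.21", "10.0.9.4", 445),       # internal file share
    ("10.0.5.21", "2001:db8::1", 443),    # direct connection over IPv6
]

if __name__ == "__main__":
    for flow in bypass_attempts(FLOWS):
        print("DENY", *flow)
```

Because the decision is made on a device the endpoint's administrator does not control, changing the local proxy setting only produces dropped connections, and the deny log doubles as a detection signal for a compromised host.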

0 Answers