Monday, April 4, 2011

How to block UltraSurf with COMODO

Some users run "UltraSurf" to bypass the default proxy and filtering on my workplace network. The program listens on port 9666 on localhost (127.0.0.1) as a proxy. It injects itself into the browser on the fly, which equates to creating a website on its host called http://Ultra1

For terminals that do not need Internet access, I can simply remove the gateway IP from their LAN settings to cut off the connection. But some authorized users still need the gateway route to get online.

One way of controlling the program that I have found so far is to place "ultra1" in the Restricted Zone under Internet Options > Security > Restricted Sites. Go to Custom Level and set all items to Disable or High Safety except Popup Blocker.

However, I have done some experiments in VirtualBox, and the effective way I found is to block the UltraSurf connections at the client's firewall. A sample configuration is below:

At COMODO Internet Security:
>> FIREWALL > Network Security Policy
> Global Rules > Add
1) Action: "Block"
Tick: Log as firewall event if this rule is fired
* Source port > Type: A single port, Port: 9666
* Destination port > Type: A single port, Port: 443

Then you must lock COMODO to prevent users from changing the settings:
>> MORE > Preferences > Parental Control
> Tick: Enable password protection for the settings
> Set password: your default password
> Tick All: Suppress alerts if password protection is enabled

Important NOTE: Make sure the users are NOT given Windows administrator rights; otherwise they can change the settings at any time and uninstall the firewall as well.
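
To check whether a client has a process listening on the loopback port described above, the following added example (not part of the original post) parses saved `netstat -ano` output and reports the listener's PID, the processes connected to it, and that listener's connections to destination port 443, the port named in the rule. The sample output, PIDs and addresses are constructed, and the function name `audit_local_proxy` is hypothetical.

```python
import re

# Constructed sample of Windows `netstat -ano` output (PIDs and addresses are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:9666         0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:9666         127.0.0.1:50123        ESTABLISHED     4312
  TCP    127.0.0.1:50123        127.0.0.1:9666         ESTABLISHED     2960
  TCP    192.168.1.23:50130     203.0.113.10:443       ESTABLISHED     4312
  TCP    192.168.1.23:50140     198.51.100.7:443       ESTABLISHED     2960
  UDP    0.0.0.0:5353           *:*                                    1200
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")
LOOPBACK = {"127.0.0.1", "[::1]"}


def audit_local_proxy(netstat_text, port=9666):
    """Report who owns the loopback listener on `port`, who uses it, and its 443 traffic."""
    rows = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            laddr, lport, raddr, rport, state, pid = m.groups()
            rows.append((laddr, int(lport), raddr, int(rport), state, int(pid)))

    # Processes listening on the loopback proxy port described in the post.
    listeners = {pid for la, lp, _, _, st, pid in rows
                 if st == "LISTENING" and lp == port and la in LOOPBACK}
    # Processes (typically browsers) with a connection *to* that local port.
    clients = {pid for _, _, ra, rp, st, pid in rows
               if st == "ESTABLISHED" and rp == port and ra in LOOPBACK}
    # Outbound connections to port 443 owned by a listener process.
    outbound = sorted(f"{ra}:{rp}" for _, _, ra, rp, st, pid in rows
                      if st == "ESTABLISHED" and rp == 443 and pid in listeners)
    return {"listeners": sorted(listeners), "clients": sorted(clients - listeners),
            "outbound_443": outbound}


if __name__ == "__main__":
    print(audit_local_proxy(SAMPLE))
```

Run it against output captured on a client both before and after the firewall rule is applied; the listener PID can be matched to a process name in Task Manager.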
