Questions

Block Internet Access trought Mobile USB adapter

Tags:
+
0 Votes
Locked

Block Internet Access trought Mobile USB adapter

cristiano.oliveira
Some desktops on my network are not allowed to use internet connection but they need Internet Explorer to access local Intranet Web, they are blocked on the Router Firewall to avoid accessing to outside Internet, but some of them are using the Mobile USB adapter to access the internet using a mobile operator, how can I avoid them to access the internet?
  • +
    0 Votes
    robo_dev

    Policy: Do you have a policy that forbids this? Are your users required to follow policy?

    Windows Group Policy: If you block the user ability to change the proxy setting in Internet Explorer, then their wireless interface will not work, as long as they are not permitted to install software (e.g. an alternate web browser program).

    http://technet.microsoft.com/en-us/library/cc775996.aspx

    +
    0 Votes
    cristiano.oliveira

    The problem is that some of them are Administrators of there desktop computers and could install other browsers, so that hint shouldnt be enough.

    +
    0 Votes
    robo_dev

    Checkpoint DiskNet Pro, for example, can block all unappoved interfaces, and also can be configured to block or allow other devices such as writing to CD-ROMs, USB jump drives, floppy drives, etc.

    I have worked with a large financial institution who deployed DiskNet Pro with good results. they configured it such that only certain people could burn CD-ROMS, nobody could use wireless of any sort, and one approved company-issued USB jump-drive was allowed, but encryption is mandatory for those devices, as enforced by DiskNet.

    DiskNet can also allow approved CD or DVD writing storage devices, but force them to encrypt the data.

    http://www.checkpoint.com/reflexmagnetics/products/disknetpro/index.html

    +
    0 Votes
    cristiano.oliveira

    Is there an easy and unexpensive way to do this?

    Thank you.

    +
    0 Votes
    patb071

    Are they higher up on the food chain? If you have a policy saying no internet access and they are working around it its time to start canning some people. I imagine you say no games and they are playing games all day. Anything you do they will just find a way around it why spend time and money?

    +
    0 Votes
    cristiano.oliveira

    You are correct but I need to stop them, anyway!

    +
    0 Votes
    robo_dev

    but clever users will be able to undo this work since they have admin access. I guess you could work to come up with ever more complex and clever group policies to make it tricky for admin users to undo the policy.

    Sort of a cat-and-mouse game with GPO versus the user.

    For example, if you deploy a broken version of the Plug and Play service to PCs, then no hardware can get installed. The user would need to reinstall the windows files to make it work.

    If you have physical control of the PCs you can go into BIOS, disable USB altogether, then password-protect the bios. Some organizations actually super-glue connectors into the USB ports, believe it or not.

    The problem, of course, is that Windows 'plug-and-play' is a blessing for users and a curse for administrators.

    The use of a utility such as DiskNet allows you to define a set of policies, deploy them from a central console to PCs, and the DiskNet Client on the PC makes sure these policies get deployed. And it does not matter if the PC users have local admin rights with DiskNet.

  • +
    0 Votes
    robo_dev

    Policy: Do you have a policy that forbids this? Are your users required to follow policy?

    Windows Group Policy: If you block the user ability to change the proxy setting in Internet Explorer, then their wireless interface will not work, as long as they are not permitted to install software (e.g. an alternate web browser program).

    http://technet.microsoft.com/en-us/library/cc775996.aspx

    +
    0 Votes
    cristiano.oliveira

    The problem is that some of them are Administrators of there desktop computers and could install other browsers, so that hint shouldnt be enough.

    +
    0 Votes
    robo_dev

    Checkpoint DiskNet Pro, for example, can block all unappoved interfaces, and also can be configured to block or allow other devices such as writing to CD-ROMs, USB jump drives, floppy drives, etc.

    I have worked with a large financial institution who deployed DiskNet Pro with good results. they configured it such that only certain people could burn CD-ROMS, nobody could use wireless of any sort, and one approved company-issued USB jump-drive was allowed, but encryption is mandatory for those devices, as enforced by DiskNet.

    DiskNet can also allow approved CD or DVD writing storage devices, but force them to encrypt the data.

    http://www.checkpoint.com/reflexmagnetics/products/disknetpro/index.html

    +
    0 Votes
    cristiano.oliveira

    Is there an easy and unexpensive way to do this?

    Thank you.

    +
    0 Votes
    patb071

    Are they higher up on the food chain? If you have a policy saying no internet access and they are working around it its time to start canning some people. I imagine you say no games and they are playing games all day. Anything you do they will just find a way around it why spend time and money?

    +
    0 Votes
    cristiano.oliveira

    You are correct but I need to stop them, anyway!

    +
    0 Votes
    robo_dev

    but clever users will be able to undo this work since they have admin access. I guess you could work to come up with ever more complex and clever group policies to make it tricky for admin users to undo the policy.

    Sort of a cat-and-mouse game with GPO versus the user.

    For example, if you deploy a broken version of the Plug and Play service to PCs, then no hardware can get installed. The user would need to reinstall the windows files to make it work.

    If you have physical control of the PCs you can go into BIOS, disable USB altogether, then password-protect the bios. Some organizations actually super-glue connectors into the USB ports, believe it or not.

    The problem, of course, is that Windows 'plug-and-play' is a blessing for users and a curse for administrators.

    The use of a utility such as DiskNet allows you to define a set of policies, deploy them from a central console to PCs, and the DiskNet Client on the PC makes sure these policies get deployed. And it does not matter if the PC users have local admin rights with DiskNet.