Preventing VPN in Opera
-
bah-humbug last edited by
A fight against open-access I'm afraid.
Opera Software have published their latest browser boasting built in free VPN giving access past firewalls of countries, companies, education establishments etc.
As one on the other side of the fence trying to curb access because of employees clobbering our public network connection and viewing 'inappropriate content', (i.e. site not work related, but in work and getting paid) including gambling, shopping, online auctions, games, social media, webmail, streaming services and 'the most popular sites', how can we lock it down? I know that there are tools such as Websense that try to keep up with published VPNs, but we haven't got that installed.
Is there a way to prevent it being enabled on the browser? We have Internet Explorer options fixed/greyed out according to company standard.
Obviously there are some business needs to have https access (which I think most VPN options use) to certain sites, but the list is vast.
We will simply not to install software we cannot control and scan desktops for it if someone finds a way of getting it themselves. Installations may be on Windows, MAC, or Unix desktops.
I don't want to be a kill-joy, but employees are not paid to explore the internet. Would you allow your employees to just sit reading a book or the paper, watching TV and phoning friends all day?
Your suggestions would be much appreciated,
Bah-Humbug -
blackbird71 last edited byThere are several questions that directly bear on your situation:
- What is your company's policy about a user installing and configuring his own software (including browsers) on company-owned computers?
- What is your company's policy about a user connecting his own portable computer to the company network while at work?
- What is your company's policy about a user 'remoting in' to the company network from home or the field?
- What form of firewall protects the company's gateway to the outside?
If a company allows employees to install and/or configure their own software on company computers, it enormously complicates its own security and employee-usage situation. Between covert employee installation/reconfiguration attempts and software auto-updates that suddenly add new features (such as VPN), there is little the IT department can do to police what is running on company networks, other than passive monitoring of what is moving across (and in/out of) its network.
If the company's IT department installs and configures the software and if the software lends itself to it, use of group policy settings and such can often greatly reduce a tech-knowledgeable employee's ability to end-run the reconfiguration limitations imposed by the group policy.
-
bah-humbug last edited by
Yes, it has been rather lax I'm afraid. I've only just joined, so it's a bit unknown at the moment. I'm just tasked with investigating it. Personally I'd ban all internet access anyway except when it's for specific company use and we'd open it for that only; lock the desktop (make it Citrix even?); and take away the wireless access points in the building. Network access can hopefully be allocated on a per-MAC basis as I go all draconian, but after all, we are here to work. I'm sure you wouldn't be happy to put your car in the garage for a service then end up getting billed for 3 hours on social media too.
One major problem has been letting people be local admin on their desktops, so this is already a bit 'out there' but I've got to think of the corporate cost in lost effort and lost data if we keep things open like this.
Sorry to be such a bah-humbug in the party,
Bah-Humbug
