08-05-2010, 12:31 PM   #11
Azure
Join Date: Oct 2005

Quote:
Originally Posted by photon View Post
You could still have legally binding network usage policies.. anyone running a disallowed service gets removed from the network. Might not be a viable solution though.

If you blocked common VPN ports, that would also defeat legit VPN usage and wouldn't stop things like HotSpotShield since I think they can do everything over port 443 which is the SSL port.

The only way I can think of would be to have a block list on the outgoing routers to prevent connections to known Tor and VPN sites.

You could use OpenDNS http://www.opendns.com/solutions/overview/ https://www.opendns.com/solutions/business/filtering/, they have blocking and have anonymizers/proxies as one of their options I've read.

We already use OpenDNS for their DNS service, and of course blocking the proxy sites. But that only blocks the actual websites. Which would block someone from downloading Tor.

Problem is there are a lot of other ways to still get the program. Free Wi-Fi at the library, airport, whatever.

Quote:
However this wouldn't stop someone that changed their own computer's DNS to something else.

You can create rules where all port 53 requests are blocked or redirected to the OpenDNS addresses that you specify on the gateway device.
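The gateway rule described at the end of the post, as an added example that is not part of the original thread: a script that prints iptables commands to either redirect or block port 53 traffic that is not going to the OpenDNS resolvers. It assumes a Linux gateway using iptables and a LAN-facing interface named `eth1`; both are assumptions, not details from the post.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands for a Linux
# gateway; review them, then pipe to `sh` as root to apply.
LAN_IF="${LAN_IF:-eth1}"                    # assumption: LAN-facing interface
RESOLVERS="208.67.222.222 208.67.220.220"   # OpenDNS public resolvers

# dns_rules MODE: print one iptables command per line.
#   redirect  rewrite stray port-53 traffic to the first resolver (DNAT)
#   block     forward port 53 only to the resolvers, reject the rest
dns_rules() {
    mode="$1"
    primary="${RESOLVERS%% *}"
    case "$mode" in redirect|block) ;; *) return 1 ;; esac
    for proto in udp tcp; do            # DNS uses both UDP and TCP port 53
        match="-i $LAN_IF -p $proto --dport 53"
        for r in $RESOLVERS; do
            if [ "$mode" = redirect ]; then
                # ACCEPT in the nat table: leave these packets untranslated
                echo "iptables -t nat -A PREROUTING $match -d $r -j ACCEPT"
            else
                echo "iptables -A FORWARD $match -d $r -j ACCEPT"
            fi
        done
        if [ "$mode" = redirect ]; then
            # Everything else, e.g. a client with a hand-set DNS server
            echo "iptables -t nat -A PREROUTING $match -j DNAT --to-destination $primary:53"
        else
            echo "iptables -A FORWARD $match -j REJECT"
        fi
    done
}

case "${1:-}" in
    redirect|block) dns_rules "$1" ;;
    *) echo "usage: $0 redirect|block" >&2 ;;
esac
```

These rules only cover plain DNS on port 53; lookups tunnelled inside another protocol or sent to a resolver on a different port pass through untouched.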