Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 4 subscribers
  • Views 13008 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Does anyone know how to block the application "Cloud VPN" for Android?

EddieRock

I'm looking to block my kids from using "CloudVPN" on their phones. They are bypassing tunneling through the UTM9 using this proxy/vpn. I can't figure out how to block it. I asked the developer of the product and he said that it was designed to be very hard to block.

If anyone can figure it out, please let me know. 

I really just need the contents of the Application Rule to set it up. I've tried using the pre-existing application categories without any luck.

Thanks,

Ed



This thread was automatically locked due to age.
Parents
  • 0

    Many VPN services are built to do things like get past evil government's blocking.  That is their selling point.  As the developer said, it is hard to block and he is not likely to help you.

    If you block "Cloud VPN" your kids will go around a find "Super VPN" or some other different product.  And if you block that as well, your kids will switch to using their data plan and bypassing the UTM altogether.  Your underlying problem is not a technological one requiring a technical solution.

    Your problem is a social one.  You have kids living in your house using a method to bypass your rules.  You need to deal with that as a parent, not as a sysadmin.

    If the same thing was occurring in an business where someone was using Cloud VPN to bypass the UTM so they could do online gambling at work that is grounds for that employee to get a warning and dismissal - not grounds to improve IT security.

    Good luck!

  • 0 in reply to Michael Dunn

    Hi,  

    What about in a school environment where we encourage the use of these devices. We provide a separate free WiFi internet access for the students, "Protected" by  your product. Sophos UTM  Is there any way to make these programs unavailable to students while on our premises ? The WiFi is accessed by terms & conditions so users do not have to log in. 

    We have a duty of care to make sure they are safe on line and being able to bypass web filtering device to access unauthorized sites is something that could have serious consequences.  Is there anything in the pipeline to address this as I think it is a technical issue, even a block list of some sort of the most common apps that could be updated would be a start? Can Apps be individually blocked as I don't mind even entering them myself if it does prevent access..

    Many Thanks 

  • 0 in reply to tstan

    There are ways of blocking, even if it works out to a game of whack-a-mole.  One of the issues is trying to block the bad stuff while at the same time letting the good stuff in.  It may be (for example) that what you need to do to block one thing will also block downloading from the app store.  Or that you block all VPNs but then your teachers cannot access some TeacherWeb VPN thing.

    One approach is to start closed and restrictive.  Monitor and when users complain they cannot do something open up that one thing only.

    Another approach is to start open and monitor.  When you see (or hear of) things you don't want, block them.

    I approve of rules like "No smoking on school property" and "No porn on school wifi".  For both rules you are going to do you very best to use whatever tools you have to detect and prevent.  For both rules you will have some people breaking those rules.  As a school you need to decide appropriate response for rule breakers.

    I was not trying to say that Sophos products can't help you in this fight.  I wanted to point out that like any other type of rule enforcement, you can never be 100%.  You use the tools that you have to enforce what you can and you monitor.

    Work with Sophos and your partner on this.  Some partners have more experience with schools and their needs. If there are specific features that you would like that you think will help, raise them with the partner and Sophos - it gets more clout when a feature request is attached to specific customers.

    Being a sysadmin is already a tough job.  For a school its got to be worse.  Good luck.

    www.youtube.com/watch

Reply
  • 0 in reply to tstan

    There are ways of blocking, even if it works out to a game of whack-a-mole.  One of the issues is trying to block the bad stuff while at the same time letting the good stuff in.  It may be (for example) that what you need to do to block one thing will also block downloading from the app store.  Or that you block all VPNs but then your teachers cannot access some TeacherWeb VPN thing.

    One approach is to start closed and restrictive.  Monitor and when users complain they cannot do something open up that one thing only.

    Another approach is to start open and monitor.  When you see (or hear of) things you don't want, block them.

    I approve of rules like "No smoking on school property" and "No porn on school wifi".  For both rules you are going to do you very best to use whatever tools you have to detect and prevent.  For both rules you will have some people breaking those rules.  As a school you need to decide appropriate response for rule breakers.

    I was not trying to say that Sophos products can't help you in this fight.  I wanted to point out that like any other type of rule enforcement, you can never be 100%.  You use the tools that you have to enforce what you can and you monitor.

    Work with Sophos and your partner on this.  Some partners have more experience with schools and their needs. If there are specific features that you would like that you think will help, raise them with the partner and Sophos - it gets more clout when a feature request is attached to specific customers.

    Being a sysadmin is already a tough job.  For a school its got to be worse.  Good luck.

    www.youtube.com/watch

Children
No Data
Unfiltered HTML