ProxySG & Advanced Secure Gateway

  • Private Community
 View Only

  • 1.  workaround to block psiphon ??

    Posted Aug 28, 2018 08:10 PM
     
    A proxy application called "psiphon" can pass and avoid the filtering. It's not categorized in the proxy avoidance category and not recognized as an application by Bluecoat.
     
    We tried to block it using the following regex "\/\/\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b"  that used to work with me but it didn't work this time.
     
    Any Ideas ??
     


  • 2.  RE: workaround to block psiphon ??

    Posted Aug 29, 2018 03:52 AM

    Hi Ahmed,

     

                   Such applications of proxy avoidance always tries to be one step ahead of the people who try to control it. This is what making them to be in service and make people to use it. Successful block of such application can be only achieved with a multi-layer approach. IMHO the some of these should be as below

     

    Type Control Device/Application
    Application Access

    Block download of Application

    		 Proxy
    Application Access Block get application via email Email Gateway
    Execution Block execution based on signature or exe name Host AV like SEP can help in this
    Execution Corrupt the registry options of this application GPO or Host AV
    Outbound Access Block access at Gateway for port 22, 443 and 80 directly from the client machine Perimeter Firewall
    Outbound Access Block "Proxy Avoidance" category Proxy
    Outbound Access Enable SSL Interception Proxy

     

                  I have confirmed that having SSL Interception and blocking "Proxy Avoidance" at Proxy alone is not blocking this access