bypass office blocking, please help

[senderj]

The company I work for recently set up a proxy which blocks many web sites and internet access that I used to access everyday. I've searched the web to find methods to bypass the blocking, including SOCKS, SSH tunnel, web proxy, php proxy etc. but none of them solve my problem. Each of them has at least an element that was stopped by the security measures of my company. So I just list out those I know and what resources I have in the hope that somebody here may be able to let me know how I can make use of these resources to continue access the internet I want.

Here are what I need from the internet:
1. develop & deploy openshift apps using rhc client, ssh and git (command line) - this is a self-study, not work related.
2. play flash games (via browser).
3. access web sites related to VPN, networking etc.

Here are the security measures that block me from doing the above:
1. all Windows PCs' usb ports are read-only (MS network's global policy I believe).
2. all internet traffic has to go throught corporate proxy (Bluecoat I believe).
3. all outbound network ports are closed except 80, 8080 and 443.
4. all url with keywords such as "proxy", "download", "vpn" and many others are blocked.
5. all (at least they try) known public proxy servers are blocked (and the list is increasing).
6. only allow IE and firefox for web access, even Chrome is not allowed (I believe the proxy checks the user agent).

You may say some of the corporate software will not work. Yes. But I think they open exceptions one-by-one for them.

Here are the resources I have in my office:
1. Other than a PC for usual office works, I have another PC that is needed only before 9 and after 5. So in most of the office hours this extra PC can be used.
2. Though usb port is read-only, this control is in force only when booting Windows 7 from harddisk. I can boot to ubuntu using a usb drive without problem.
3. I can unplug the LAN cable of the PC.
4. I can use my mobile's data service for usb tethering.
And at home:
5. I have at home a Raspberry Pi B+ and an idle Asus router running dd-wrt.

Can somebody tell me how I can set up proxy or vpn or anything with these so as to continue my usual access to the internet in the office?

 

[bernard038]

Here are what I need from the internet:
1. develop & deploy openshift apps using rhc client, ssh and git (command line) - this is a self-study, not work related.
2. play flash games (via browser).
3. access web sites related to VPN, networking etc.

Seems you are not quite happy at your job. Maybe it's better to spend time finding a different line of work than to spend time to bypass the security measures taken by your employer.

 

[System Error Message]

you will need to really consider if you wanna bypass the block. Blocks are placed for a reason. Let me put it to you in an example for productivity.
Facebook itself is good, but facebook apps are time wasters.
youtube can be both good and bad. People tend to waste time watching youtube but if you watch something that relates to work (like programming/ math vids if you are a programmer) than that is good for productivity. Many companies however just block them entirely rather than deal with the extra complexity of partial blockinng.

1) A lot of viruses in an area spread via the network and usb. Back when i was at college, every PC, laptop both college and individual owned were infected with viruses that came from usb drives. Read only not only prevents the dumb from spreading viruses but also prevents someone from opening trojans about for unlawful remote control/monitoring/keylogging. You wouldnt want everything you do on your work PC available to some random guy do you?

2) Proxying does 2 things for an establishment. a) It provides additional performance by caching and saves on bandwidth. b) it implements an extra layer of security

3) You're there to work, not host things. Exposing any service internally can be a vulnerability, which can jeopardise the company's infrastructure security

4) This i think is a little too far, not like there are kids working there. They dont want you bypassing their security.

5) I know ways to make this work, honestly this is bad for you to do.

6) chrome and opera are good too. IE is the one that should be blocked.

Unless you need to bypass all the filtering as part of your work you really shouldnt. You're there to work and unless explicitly allowed, its not your home. The network is set up for both security and productivity. Tell us, what do you do at work. If you are a techie trying to do work but have trouble with the security implemented, explain to us what you're trying to do so we can explain a solution, otherwise please dont bother trying to bypass it. This is not school, its the industry where mistakes can cost you severely not only your job but you put others at risk too.

I suggest suggesting things to your company if it is helpful (i.e. not blocking chrome and opera but blocking IE instead). IE is a security threat.

 

[ColinTaylor]

I can only emphatically agree with what @System Error Message said.

The restrictions are in place for good reason and are part of your terms of employment. If you don't like the restrictions find a job elsewhere. If you feel that you have a valid work-related reason for accessing certain things then speak to your IT department and ask them to make an exception for you.

 

[Andyf66]

I also agree with all of the above. And further to that, if they are so concerned about security to put those measures in place they probably have extensive network monitoring and IDS / Threat detection in place too. You start messing with the systems, you'll be out if a job before you know it, with a case of gross misconduct at best, and a law suit for damages at worst. It's really not worth the bother.

Messing with corporate IT systems isn't like messing with the photocopier. It is breach of contract.

 

[RMerlin]

Considering how extensive their security measures are, this looks like a large corporation. Which means any attempt to bypass it will most likely be detected by their security software as well. And once they do, it's enough for them to fire you. Just don't risk it.

 

[bernard038]

On the other hand, the post of @senderj proves, at least, one point. If you start treating your employees as children (keyword filtering, URL blocking), they will stop behaving as professionals. Better to take measures to stop attacks from from the outside, monitor all traffic and trust on the professionalism of your employees (and they will deal with bad apples themselves).

 

[RMerlin]

On the other hand, the post of @senderj proves, at least, one point. If you start treating your employees as children (keyword filtering, URL blocking), they will stop behaving as professionals. Better to take measures to stop attacks from from the outside, monitor all traffic and trust on the professionalism of your employees (and they will deal with bad apples themselves).

I doubt that he OP wants to play flash games on his work time and equipment BECAUSE the IT is trying to clamp down on such kind of uses of the company's resources. The real victim here is not the employee, it's really the company.

People need to stop shifting the blame to others when they don't act responsibly. You're the one who's acting, not the other way around. This is an increasing problem with the youngest generation, who thinks they are entitled to everything, and if there's a problem it's definitely not them, even when it IS them who are the actual problem.

The mere fact that the OP specifically mentions wanting to play Flash games on his work time indicates to me that there is a problem, and it's not at the IT department level, but at the employee level.

 

[john9527]

The mere fact that the OP specifically mentions wanting to play Flash games on his work time indicates to me that there is a problem, and it's not at the IT department level, but at the employee level.

In addition to wanting to actively circumvent the security protections....
Actually, if I was his manager and could identify him, we would already be having a long talk based on his post....and there is a strong possibility he would already have been shown the door.

 

[Andyf66]

The original posters username seems to crop up on many forums... and often seems to relate to wanting to 'solve' the previously mentioned situation. I'd be very careful about my online presence in that situation if I wanted to keep my job.

- You have no rights to use work equipment for 'self study'
- you have no right to use work equipment to play Flash games, a platform so notoriously ridden with security holes as that it should be banned everywhere
- You have no right to access random web sites for your own interest if the employer forbids it.

Get a new new job, before you're put in a position where you have no choice!

 

[ColinTaylor]

On the other hand, the post of @senderj proves, at least, one point. If you start treating your employees as children (keyword filtering, URL blocking), they will stop behaving as professionals. Better to take measures to stop attacks from from the outside, monitor all traffic and trust on the professionalism of your employees (and they will deal with bad apples themselves).

The environment that the OP describes is exactly the same setup as I used to administer as part of the network security team (so much so that I wonder if it's the same place). I can assure you that when you have thousands of employees/contractors from all walks of life doing jobs of every description there will be a fair proportion of untrustworthy individuals.

And whilst the vast majority carry out their duties in a professional manner, there will always be those that would rather play games, watch YouTube, look at porn, install their own software, bypass security restrictions, hack the network, setup a VPN to their home network, etc., etc., etc. It only takes one idiot that thinks "he knows better because he setup his home router" and before you know it the whole corporate network is infected with a zero-day virus that he picked up from his torrents.

So no, unfortunately in the commercial world you can't just trust that everybody behaves themselves. If they truly are professionals then the restrictions won't be impacting them anyway.

 

[bernard038]

The mere fact that the OP specifically mentions wanting to play Flash games on his work time indicates to me that there is a problem, and it's not at the IT department level, but at the employee level.

Don't get me wrong, I dó think OP has issues in the field of basic employee- and adult behavior. If he was working @ my company, he would be fired on the spot. He makes a conscious choice to swindle his employer by studying and playing games during work hours.

I just do not think that blocking websites or blocking keywords will modify his behavior. OP will just find another way to keep himself busy with non-work related activities. Better to 'monitor' employee productivity and employee motivation by making sure that the company is organized in such a way that employees cannot, structurally, be unproductive.

FYI: I am nót from the US. I am from the Netherlands. Over here (Netherlands, Germany, Scandinavia) we might have different employer-employee relationship. We do not have large sets of rules describing what is expected of our employees, we just mention that a employee is expected to act as a 'decent member of staff'. Structural slackers (flash game players, porn watchers, being latecomers for more than two times in a year without a valid reason) can be fired on the spot, forfeiting their right to social security and minimizing their chance to find another job (as being fired on the spot is an extreme measure taken only in extreme circumstances). So we don't need all kinds of technical measures to modify employee behavior, we just fire the bad apples. Filtering is seen as, unnecessary, censorship. Especially in my company, where my employees, have to search information on for instance sexual dysfunctions every now and then.

 

[System Error Message]

even adults behaves as kids. If at my work place someone used the PC for something other than work or improving (like research) during work hours i will be mad if i was the manager/boss. As a computer scientist i dont trust others either when it comes to security such as malware and exposing anything inside even though i can spot malware and scams straight away.

if you see the OP on another site asking the same thing, make sure to mention that no one should give a solution. Its not only his butt at risk but others at his workplace too, if security gets compromised it will lead to a whole lot of disaster for techies to solve and loss of productivity.

If i see someone playing flash games on company PCs i will get mad too because flash is absolutely horrible and as a techie i hate flash. Its not just a productivity issue but flash by its nature is a resource hog and vulnerability.

 

[bernard038]

I guess I speak for most of us when I ask OP:

 

[RMerlin]

I'm starting to suspect that the OP is really an IT guy who wants to see if the community can come up with ways to bypass a typical network security setup, and then he'd implement solutions against these. Kind of a "passive penetration test"

 

[Samir]

If you really want to use these products and have access to a PC that you can boot to your own os, just get your own wifi hotspot and bring your internet access to work--connect it to that pc and run your own os off the usb. And NEVER connect this setup to the corporate network. Then you'll be fine.

 

[ColinTaylor]

Then you'll be fine.

No. Just no. So he boots his "own OS", points his browser at a malware-ridden warez site (or plugs in an infected USB stick) and infects the bootloader of the local hard drive. The PC is then rebooted onto the corporate network and bingo!, network gets infected with ransomware, company looses millions of $, people loose their jobs.

This is not a technical question of "can it be done", it's an staff management issue. If it's OK for him to do what he wants he needs to speak to his manager who can arrange it properly with the IT department. If it's not OK then don't do it, the workplace is not his playground.

 

[Samir]

No. Just no. So he boots his "own OS", points his browser at a malware-ridden warez site (or plugs in an infected USB stick) and infects the bootloader of the local hard drive. The PC is then rebooted onto the corporate network and bingo!, network gets infected with ransomware, company looses millions of $, people loose their jobs.

This is not a technical question of "can it be done", it's an staff management issue. If it's OK for him to do what he wants he needs to speak to his manager who can arrange it properly with the IT department. If it's not OK then don't do it, the workplace is not his playground.

True, but that's a slim chance if using something like lightweight portable security.

It's obvious that this shouldn't be done--that's what the protections are there for in the first place. But as a 'passive penetration test' or whatever, this is a scenario that works.

 

[TonyH]

Seems you are not quite happy at your job. Maybe it's better to spend time finding a different line of work than to spend time to bypass the security measures taken by your employer.

To me it sounds like OP is trying to compromise company policy which may result in being reprimanded or fired. Not a good thing.