Endpoint Protection

  • 1.  Using SEP app and device control to block bridging

    Posted Jan 26, 2011 04:05 PM

    Greetings experts. I need some assistance.  I've tried to discover the secret keys, but think it's a bit beyond my time and expertise. I need to use SEP to prevent bridging two network connections.

    EXAMPLE - a notebook or other computer, but mostly notebooks, that have a "hard wired" ethernet connection to a LAN, plus have wireless abilities. I need to prevent folks from saying, gee, I can make those two talk to each other and connect to the work LAN on the wire, and this other wireless floating at the same time, or worse.  They go into network connection area in W7, highlight the wireless and wire network, right-click and choose "bridge".

    I know SEP can monitor and block registry changes - I need to block whatever is used to create those bridges - I suspect blocking a single key or maybe two could be enough to kill any bridging. Anyone familiar with bridging? I'm not really. But I do already use SEP to control a ton of things here, and we're finding new power in it daily. This is one my team leader, the network administrator, asked me if it was possible. I know it is - but don't know the keys to tell SEP to block from "change".

    Thanks in advance!  Think about the potential issues - an Android phone with wifi can connect to a wireless notebook - and that notebook can be on the company or agency network, allowing their phone to connect to the network, and well, you can imagine the security issues that could arise.



  • 2.  RE: Using SEP app and device control to block bridging

    Posted Jan 26, 2011 04:29 PM

    The wireless connection can be used to transfer data even if network bridging is not established. To make matters worse, your high-end users may be running a 64-bit OS in which case Application and Device Control is not even available to you. You might look at location awareness to disable the wireless network connection if the hard-wire ethernet connection is found. Location awareness might also be used with firewall rules to block connections to unauthorized IP address ranges, particularly if you are going through a proxy server. I think this approach might work with a 64-bit OS. Good Luck - I'll keep an eye on this thread to see what other ideas come up.



  • 3.  RE: Using SEP app and device control to block bridging

    Posted Jan 26, 2011 04:35 PM

    No - no 64bit here, it's all Windows 7 on 32bit systems with 32bit OS except for the network admin, etc. I'm aware of the issues with 64bit, luckily we avoided 64bit for a large/wide variety of reasons. So no worries there. I really could laugh at the thought of high-end users here. That would be considered a joke by most of our IT department  ;-)
    I'm needing to use app control for bridging.

    No proxy, and we've got so many subnets, that would be a mess, too.  

    And to disable wireless, you have to know the detail of the card, and that will vary.

    So back to the original question - what registry keys do I need to monitor or lock to prevent bridging on W7?



  • 4.  RE: Using SEP app and device control to block bridging

    Posted Jan 27, 2011 10:13 AM

    Well I went a different path - blocked bridge.sys from loading or being accessed. That works. Can no longer set up a bridge between wired lan and wireless.

    The registry key I did find, but if it's already there, SEP can't do anything, only if it's NOT there can SEP prevent registry modification - I "think".

    Others would know more about SEP and the registry, I'm sure.

    NOW, I need a script that will look in the registry on all AD computers and see if the key "bridge" exists under system\currentcontrolset\services

    If there's a sub key called bridge, or bridgemp, then a bridge has been set up in the past. If that key does not exist, there's never been a bridge, past or present. This has become a big deal, so I'll keep working on it until satisfied.
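
One way to run the audit requested in post 4, as an added example that is not part of the original thread: it checks every enabled AD computer for the `Bridge` and `BridgeMP` subkeys under `SYSTEM\CurrentControlSet\Services`, following the poster's description of what those keys indicate. It assumes the ActiveDirectory module (RSAT) is installed, the Remote Registry service is reachable on each target, and the account running it has read access; the function name `Test-BridgeKey` and the output file name are hypothetical.

```powershell
# Added example: audit AD computers for the Bridge / BridgeMP service keys.
# Assumptions: ActiveDirectory module available, Remote Registry service
# running on targets, caller has remote registry read rights.
Import-Module ActiveDirectory

$serviceRoot = 'SYSTEM\CurrentControlSet\Services'
$keyNames    = 'Bridge', 'BridgeMP'

function Test-BridgeKey {
    param([Parameter(Mandatory)][string]$ComputerName)

    # One row per computer; $null means "could not be checked".
    $result = [ordered]@{
        Computer = $ComputerName; Bridge = $null; BridgeMP = $null; Error = $null
    }
    $hklm = $null
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
        foreach ($name in $keyNames) {
            # OpenSubKey returns $null when the key does not exist.
            $sub = $hklm.OpenSubKey("$serviceRoot\$name")
            $result[$name] = [bool]$sub
            if ($sub) { $sub.Close() }
        }
    }
    catch {
        # Offline host, firewall, service stopped or access denied:
        # record it so unreachable machines are not mistaken for clean ones.
        $result.Error = $_.Exception.Message
    }
    finally {
        if ($hklm) { $hklm.Close() }
    }
    [pscustomobject]$result
}

$report = Get-ADComputer -Filter 'Enabled -eq $true' |
    Where-Object { $_.DNSHostName } |
    ForEach-Object { Test-BridgeKey -ComputerName $_.DNSHostName }

# Full results for the record, then the machines where either key exists.
$report | Export-Csv -Path .\bridge-audit.csv -NoTypeInformation
$report | Where-Object { $_.Bridge -or $_.BridgeMP } | Format-Table -AutoSize
```

Rows with a non-empty `Error` column were not checked and need a second pass once the machine is reachable.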