Back in October, Walled Culture wrote about the grandly-named “Piracy Shield”. This is Italy’s new Internet blocking system, which assumes people are guilty until innocent, and gives the copyright industry a disproportionate power to control what is available online, no court orders required. Piracy Shield went live in December, and has just issued its first …
deleted by creator
All the serious companies (financial sector) I worked for so far did it, because as I linked is really easy with any cheap firewall solution.
Well… a bank could be considerar that indeed, but you know, security concerns and all.
So what? A company can use a firewall to block VPNs when the target IP isn’t on some whitelist, or the source computer isn’t authorized to use VPNs. On those high security setups at banks and whatnot client machines inside the company network won’t need to touch a VPN to do a “remote checkup of a server” at some cloud provider as the network will be configured to internally route the traffic from all computers / users (backed by SSO/AD credential) to access those resources via a special VPN setup on some router / server.
Fortinet and WatchGuard can both distinguish a VPN from TeamViewer. They can actually do much more than that, even TeamViewer from RDP or VNC is just a couple of clicks on their UIs.
deleted by creator
That’s also the policy for the majority of the machines/users but there are a few that do have admin privileges like IT teams and whatnot and even if they manage to install a VPN solution (the app would most likely get blocked by endpoint security either way) they couldn’t communicate to the outside because the firewalls, as I described, are all set to block VPN traffic. Except for those situations I specified above.
The bottom line is: distrust everything, everyone and anything. Even if you can ensure nobody can install a VPN application on their computers, assume someone might get around that and add proper firewall checks and blocks as well.