Detect VPN

ipregistry.co to mention another

Yes, let me clarify. Thank you for asking.

We’re working on an ASM (Attack surface monitoring) tool which will have a feature where organizations can add a piece of code to their domains and get the data back in the ASM tool of how many of their users are on VPN and it will also generate deeper analytics like if someone was behaving suspiciously (had inspector opened) and much more that I can’t disclose here.

interesting.

i’m interpreting “add a piece of code to their domains”, adding code to their websites.
What you are trying to do is similar to de-anonymizing TOR users, in that area of the internet they are concerned about browser exploits bypassing TOR / VPN, and i’ve heard the WebRTC API in that context. Fingerprinting may also be used.

important note:
- Security should support the business, when limiting user experience there must be high confidence of “badness”, otherwise this might hurt the business, when making a product you’ll have to account for that. e.g. i want to visit your website from my work device, which has a vpn, at home i’m using a vpn, i’m on vacation & using a vpn, …

- Most other methods other than looking at the networking data IP, TTL, latency have privacy implications.

- Rules like “having inspector open” may generate many alerts that turn out to be false positive, not desirable for a security team.

- Detection rules should be clear, and there should be a way to respond to a detection rule.

- Many measures such as disabling copy/paste & inspect element lack evidence on improving the security of an organisation besides frustrating users
- There may be legal implications on processing this data (GDPR)

- anything public should not be considered safe, game client, website, applications, … The primary focus should be on hardening the systems that interact with the public, validating all the data and actions received from them, measures such as strong authentication mechanisms, patch management, secure configuration are typically more effective.

Sorry, I meant restricting all ports except

Employees don’t have personal routers at work. If that’s allowed, you’ve got way bigger problems in your office. If someone’s using a VPN on their router at home and want to prevent that, you geo-restrict where your users can VPN in from. No real way to identify that the traffic originated from a VPN node if its IP source isn’t associated with known VPN providers.
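
The point above, that a source can only be flagged when its IP falls in a range associated with known VPN providers, as an added Python example that is not part of the original post. The ranges (documentation prefixes) and provider names are constructed placeholders for a real provider feed.

```python
import ipaddress

# Constructed sample list: documentation prefixes standing in for a real
# VPN-provider range feed; the provider names are hypothetical.
KNOWN_VPN_RANGES = {
    "198.51.100.0/24": "example-vpn-a",
    "203.0.113.128/25": "example-vpn-b",
    "2001:db8:ffff::/48": "example-vpn-a",
}
_NETS = [(ipaddress.ip_network(c), n) for c, n in KNOWN_VPN_RANGES.items()]

# Constructed visitor source addresses, as a web server might log them.
SAMPLE_VISITS = ["198.51.100.7", "::ffff:203.0.113.200", "203.0.113.5",
                 "2001:db8:ffff:1::9", "192.0.2.44", "not-an-ip"]


def classify_source(ip_text):
    """Return (verdict, detail) for one visitor source address."""
    try:
        addr = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return ("invalid", "unparseable address")
    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d; unwrap
    # them so the IPv4 ranges in the list still match.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    hits = [(net, name) for net, name in _NETS
            if net.version == addr.version and addr in net]
    if not hits:
        # Absence from the list is not evidence that no VPN is in use.
        return ("not_listed", "no match in known provider ranges")
    net, name = max(hits, key=lambda h: h[0].prefixlen)  # most specific range
    return ("listed_vpn", f"{name} ({net})")


def summarize(visits):
    """Count verdicts over a batch of visits for reporting."""
    counts = {}
    for ip in visits:
        verdict, _ = classify_source(ip)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for ip in SAMPLE_VISITS:
        print(ip, classify_source(ip))
    print(summarize(SAMPLE_VISITS))
```
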

Yes I understand that. I meant in a public environment. Public VPN I should’ve mentioned.

Oh sorry you said “to say” I’m just an idiot

I thought this was for WFH users. What companies are allowing VPNs to run on their machines without the company’s knowledge and support?

Nope, an idiot wouldn’t have asked a question and just went on about their day.

I don’t know, OP has given us zero actual background on “why”.

Okay, calm down. It matters from a security researcher’s viewpoint in a secure application where you have to authenticate each visit and make sure no intruders have gained access. This is for deeper layer of security.

I would appreciate a nicer tone.

From OP:

Yes, let me clarify. Thank you for asking.

We’re working on an ASM (Attack surface monitoring) tool which will have a feature where organizations can add a piece of code to their domains and get the data back in the ASM tool of how many of their users are on VPN and it will also generate deeper analytics like if someone was behaving suspiciously (had inspector opened) and much more that I can’t disclose here.

It’s on our website: https://nccs.neduet.edu.pk/

Just so you know, I am on your side with this. I frequently see IP address and VPN detection and identification as a layer of fraud detection. And despite what others are saying, I find it useful.

Yeah, I wasn’t going back to reread the entire post and its reply from scratch. It’s just an “in general” detection of anyone and everyone.

Thank you good sir. Yes exactly, it is for fraud detection as well.

Stop arguing. What is wrong with you. I came here to ask a question and I’m open to learning. If you don’t have the knowledge or can’t answer what I’m asking then simply don’t answer.

Okay. That’s not what I’m looking to do. I want to specifically detect VPN user visits.