Prevent Hotspot and USB Tethering with SEP

Orhan Öztaş
Feb 8, 2024

In customer environments, clients sometimes look for other ways to connect to the internet so that they can browse without restrictions. This can be a security vulnerability for the customer network.

When a client connects to a hotspot or USB tethering source for internet access, we can control that client only through the security agents on the computer. Once the client uses a hotspot or USB tethering, its server-agent connection is lost. When the server cannot control the agent, this can cause security issues.

USB tethering is a method of sharing your mobile phone's internet connection with a computer over a cable.

A hotspot is also a method of sharing an internet connection with a computer, in this case over Wi-Fi. In this method your mobile phone acts like a router.

If the client does anything malicious on the computer and then reconnects to the customer's legitimate network, this can harm that network. Information may also leak from the client computer to C2 sources.

If the customer uses SEP for endpoint security, we can use the Location Awareness module to protect the legitimate network. In this scenario we will prevent hotspot and USB tethering usage with the client-server connection condition.

If a client tries to use a non-legitimate network for personal use, the SEP client cannot connect to the SEP Manager over that personal network. Thanks to the SEP Location Awareness condition for the client-management server connection, we can detect this usage.

This module is enabled by default. If it is not enabled on your client group, you can enable it from Clients -> Select Client Group -> Policies -> General -> General Settings -> Enable Location Awareness.

After enabling this module on the client group, you are ready to add a location for the group: Clients -> Select Client Group -> Under Tasks, Add Location.

In the Add Location Wizard we first specify the location name. Mine is “Hotspot and USB Tethering Prevent”. Then we specify the “Client can connect to management server” condition. You can change this setting to fit your environment's architecture.

You can also choose from these options: Computer IP Address, Gateway Address, WINS Server Address, DNS Server Address, DHCP Server Address, Network Connection Type, Management Server Connection, Trusted Platform Module, DNS Lookup, Registry Key, Wireless SSID, NIC Description, DHCP Connection DNS Suffix, ICMP Request (Ping).

After creating the location, we can create specific policies for it. The first is a Firewall Policy: block all connections except those to the SEPM server hostname and the default gateway.

We will create another policy in Application and Device Control to block almost all device connections. This forces the client to connect to the legitimate network again.

Lastly, we will set Download Protection to 9 for file reputation.

After applying these hardening rules, we can check on a Windows client computer that they work.

First, we check the policy number in the SEP client interface. It must be the same as the SEP Manager's policy number. For this client group, the client should display “Location Awareness:Enabled”.

Check USB Tethering:

Once we see that our policy is applied, we can connect the computer and the mobile phone with a USB cable. On your mobile phone, start the USB tethering feature and share the connection with your computer. When we check the SEP client interface, it shows the location changing from Default to the Hotspot and USB Tethering Prevent location.

After this we can see that the client cannot reach any website over this wired internet share.

And when we plug in a USB flash drive, the device does not work.

Check Hotspot:

We turn on the hotspot feature on the mobile phone and connect to it with the computer's wireless adapter. After connecting, we can see that Hotspot and USB Tethering Prevent is the client's current location.

After this we can check the internet connection and see that the client cannot reach any website over this connection either, and cannot do anything with USB devices.
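The check below is an added example, not part of the original walkthrough or of SEP itself: run on the Windows test client, it lists the active adapters with their NIC description, network name and gateway, and tests whether the management server is reachable, which is the condition this location is built on. The hostname `sepm.example.local`, port 8014 and the tethering description patterns are assumptions to adjust for your environment.

```powershell
# Added example. SepmHost is a placeholder; SepmPort is an assumed client
# communication port. Use the values configured for your own SEPM site.
param(
    [string]$SepmHost = 'sepm.example.local',
    [int]$SepmPort    = 8014
)

# NIC descriptions Windows commonly shows for phone USB tethering.
# Assumed list, extend it with what you see in your own tests.
$tetherPatterns = 'Remote NDIS', 'Apple Mobile Device Ethernet'

# Interfaces that are up and currently have an IPv4 default gateway
$active = Get-NetIPConfiguration | Where-Object {
    $_.NetAdapter.Status -eq 'Up' -and $_.IPv4DefaultGateway
}

$report = foreach ($cfg in $active) {
    $desc = $cfg.InterfaceDescription
    [pscustomobject]@{
        Interface     = $cfg.InterfaceAlias
        Description   = $desc                             # compare with the "NIC Description" criterion
        MediaType     = $cfg.NetAdapter.PhysicalMediaType # 802.3 (wired/USB) or Native 802.11 (Wi-Fi)
        Network       = $cfg.NetProfile.Name              # for Wi-Fi this is normally the SSID
        Gateway       = $cfg.IPv4DefaultGateway.NextHop
        LooksTethered = [bool]($tetherPatterns | Where-Object { $desc -like "*$_*" })
    }
}
$report | Format-Table -AutoSize

# Same question the location condition asks: can the client reach the management server?
$reachable = Test-NetConnection -ComputerName $SepmHost -Port $SepmPort `
    -InformationLevel Quiet -WarningAction SilentlyContinue

"Management server ${SepmHost}:${SepmPort} reachable: $reachable"
if (-not $reachable) {
    'Expected SEP client location: Hotspot and USB Tethering Prevent (not Default).'
}
```

A phone hotspot cannot be recognised from the NIC description, since it uses the normal wireless adapter; for that case compare the Network and Gateway columns with the values of the legitimate network.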

Thank you for reading. For more articles like this one, you can follow my Medium account.

Orhan Öztaş

Cyber Security Consultant. Writing articles to help you with cyber security.