Block Brave Borwser

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Block Brave Borwser

L1 Bithead

Hello,

I have noticed that some of our employees are using a brave browser and can easily open blocked websites like Facebook, crypto, games etc. what's the way to block brave browsers.

 

 

Thanks:

 

7 REPLIES 7

L6 Presenter

Maybe write an application signature that matches the User-Agent header. you can use as an examples:

 

Create a Custom Application (paloaltonetworks.com)

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRoCAK

 

 

 

My article for referer header but the principle is the same, just find what is the User-agent string for the browser you want to block:

 

LIVEcommunity - Knowledge sharing: Version 10 no 7 byte limit for sinatures examples for Layer 7 (L7...

 

 

Better if you have EDR/Endpoint Protection or Active Directory to block and delete the browser software on the endpoints themselves.

Cyber Elite
Cyber Elite

@HilalWani,

Don't use the firewall to do something it wasn't ever designed to do. User-Agent strings are just that, strings, easily modified in any browser to bypass any restriction you put in place. If your employees are already using Brave to bypass filtering you can also ensure that they'll quickly find out you can modify the User-Agent string to whatever they want and bypass your block.

Instead, do as @nikoolayy1 mentioned at the tale end of his post and use something on the endpoint to block installation of Brave outright. If you have utilize Windows and Active Directory you can easily activate AppLocker and block any publisher you want through AppLocker rules and GPO. Intune and other MDMs can do the same, and the vast majority of Antivirus or EDR solutions can do the exact same thing as long as you have something actively installed and managing these endpoints. 

L1 Bithead

Hi,

i think the employees use the "Tor Tabs" Feature. see https://brave.com/privacy-features/

 

So your approach should not to "Block Brave" but Block Tor connections.

 

Greetings

Coudl you please show me how can i block Tor 

To effectively block the TOR network on firewalls, you can use EDL, I have left a list from the Tor project

https://www.dan.me.uk/torlist/

Block the above list using EDL (external Dynamic list) with an update period of every 24 hours.

Cyber Elite
Cyber Elite

Hello,

I would not recommend a custom application as this disabled a lot of the real-time active threat scanning for that policy its applied to. You can instead block applications that are already existing to prevent its use. I know that it uses DNS over HTTPs so blocking that should prevent most users.

OtakarKlier_0-1743008542695.png

 

Also enabling SSL decryption and URL filtering should block most features and destinations the users are attempting to access.

 

Regards,

Cyber Elite
Cyber Elite

Hello,

For blocking TOR, I would recommend two things:

  1. Use the External Dynamic List to block TOR traffic
    1. https://docs.paloaltonetworks.com/network-security/security-policy/administration/objects/external-d...
    2. There should be one for TOR exist nodes built in.
  2. Only allow known applications:
    1. SSL, HTTPs, etc.

Regards,

  • 4358 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!