
Author opinion is needed
clintax

2003-12-10, 12:33 pm

Hi guys!
What is the most cost-effective and efficient way of blocking P2P applications and other similar programs?


thanks
RussS

2003-12-10, 2:16 pm

Being used where?
On a business network? A personal network? A personal PC?
clintax

2003-12-10, 2:33 pm

On a business network!
freak

2003-12-10, 5:44 pm

A firewall seems the most logical answer here... if you block the port it uses, you're all done.
jdmurray

2003-12-10, 6:24 pm

All the machines in a business network will go through a switch bank of some sort. If your switches can block packets based on layer 3 info (network port), then you just have to set the configuration. Of course, some P2P IM apps have the option of setting which port number(s) they use. You can trap these types of IM apps using layer 7 filtering, but that's usually done on each host and not at the router/switch.
freak

2003-12-10, 6:42 pm

Just a quick note: this is the net+ forum. Please people remember that for the Net+ test, a switch is a layer 2 device, not a layer three device.

Note that the industry has come up - rather regrettably imho - with layer 3 switches.

So for the test: if a question refers to a "switch" with no more info, assume it's a layer 2 device. If it says a layer 3 switch, then act accordingly...
Tarzanboy

2003-12-10, 7:52 pm

As scary as it might be to some, limiting user abilities might be the best solution. This is especially true if you limit the ability of the users to install software, through the use of ACLs and policies or a program such as WinLock.

A firewall would be good to block at least some of it, especially if you utilize a deny by default rule. Unfortunately it may not prove to be totally effective as some applications will allow custom ports or can "tunnel" using port 80. The effectiveness of this in the long term would certainly depend on periodic network monitoring and scanning as well as keeping track of what P2P applications are available and what ports they are using.

Cheers,
TB
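
An added example, not part of the original post: a deny-by-default egress check run over flow records, showing the two points made above. The allow-list, host addresses and flow records are constructed assumptions for illustration.

```python
from collections import Counter

# Assumed egress policy: only these (protocol, destination port) pairs may leave.
ALLOWED_EGRESS = {("tcp", 80), ("tcp", 443), ("udp", 53), ("tcp", 25)}

# Constructed flow records: (source host, protocol, destination port).
SAMPLE_FLOWS = [
    ("10.0.0.11", "tcp", 443),
    ("10.0.0.12", "tcp", 6346),   # application on its usual port
    ("10.0.0.12", "tcp", 6346),
    ("10.0.0.12", "tcp", 41000),  # same host after switching to a custom port
    ("10.0.0.13", "udp", 53),
    ("10.0.0.14", "tcp", 80),     # web browsing, or something tunnelled over 80
]

def decide(proto, dport, allowed=ALLOWED_EGRESS):
    """Deny by default: anything not explicitly allowed is dropped."""
    return "allow" if (proto, dport) in allowed else "deny"

def review(flows, allowed=ALLOWED_EGRESS):
    """Return (denied attempts per host, hosts whose traffic left on tcp/80)."""
    denied = Counter()
    port80_hosts = set()
    for src, proto, dport in flows:
        if decide(proto, dport, allowed) == "deny":
            denied[src] += 1          # monitoring: who keeps hitting the deny rule
        elif (proto, dport) == ("tcp", 80):
            port80_hosts.add(src)     # the port filter cannot tell what this is
    return denied, port80_hosts

if __name__ == "__main__":
    denied, port80_hosts = review(SAMPLE_FLOWS)
    for host, count in denied.most_common():
        print(f"{host}: {count} denied egress attempts, follow up with the user")
    print("passed on tcp/80, needs content inspection to classify:",
          sorted(port80_hosts))
```

The custom-port flow is dropped without anyone tracking that port, which is what the deny-by-default rule buys; the tcp/80 flow passes, which is why the port filter alone is not enough.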
RussS

2003-12-10, 8:49 pm

Make sure that you have your users screwed down with as tight control as practical.
jdmurray

2003-12-10, 9:10 pm

quote:
Just a quick note: this is the net+ forum. Please people remember that for the Net+ test, a switch is a layer 2 device, not a layer three device.
A switch is a layer 2 device for switching packets, but it can also provide layer 3 and 4 packet filtering, just as routers can. Hell, a switch or router that has integrated spam and/or virus scanning is also a layer 7 filter! Where do you draw the line any more?

And layer 7 filtering will also catch any protocol tunneling. Now all we need are IM apps with polymorphic protocols. Hoo boy!

It's a huge deal to roll out, but those workstation management frameworks, like ZenWorks for Netware, are a solution. No apps can be installed on the user's workstation unless it's by the IT staff. Users are disallowed from running any installation programs. If the user copies the app to the hard drive and manually installs it, the nightly asset check of all workstations will either erase all of the illegal files, or simply do a full restore of the hard drive's partition.
clintax

2003-12-17, 3:14 pm

splendid!

thanks guys
freak

2003-12-17, 3:22 pm

quote:
Originally posted by jdmurray
Hell, a switch or router that has integrated spam and/or virus scanning is also a layer 7 filter! Where do you draw the line any more?



My point exactly, which is why I wanted to make things clear for students new to Net+.