[Full-Disclosure] Blocking Music Sharing.
smenard at nbnet.nb.ca
Mon Sep 15 20:06:19 BST 2003
Mark, Jason
POLICIES, to be allowed to monitor; and then block; disallowed network
POLICIES to Disallow File/music sharing
LAYERED SECURITY, Default DENY
Policies so admin can do admin stuff :-) CYA
Then Applications allowed on PC/Mac, and Network.
leads to protocols allowed, disallowed,
priority for that computer's business purposes. and
Now how about incoming access?
Should the net be able to connect to your PCs on any port whatsoever?
Should the net be able to initiate a connection? DENY incoming
Can your stations connect OUT to any port? or just
web 80, DNS 53, mail pop110 smtp25, real-video, quicktime, windows media
How do you determine LEGITIMATE Uses??
DEFAULT DENY ..... DEFAULT DENY. LAYERED SECURITY
Any connection allowed out by your firewall will probably let the return
so click a link you've bought the farm [under 10 inches of Florida swamp]
do your Computers allow ports to be open wide to the net?
HTTP will allow a lot to be tunnelled - beware
Users will attempt to sidestep any walls you put up,
have management's approval and understanding of ALL implications;
Legal, Financial, Managerial, Wasted Resources,
bandwidth station net usage protocols used. traffic downloaded/uploaded.
stations/net addresses actively in use
intrusion & usage & network monitoring
Program Killer - do not allow unauthorized programs to run,
verify whether it's possible to bypass by changing name of application?
Firewall, hardware, [consumer] higher end will do better of course
Consumer may not have a lot of entries available in memory
D-Link and others [consumer] has a limit of about 15 rules pick & choose
3Com office Connect also has list length limits; so beware....
Allow certain applications to use network resources
password protect configurations
Symantec client security, personal firewall
limits on DATED - DNS entries -- for example if DNS changes blocked IP
ZoneAlarm and many others
Filesharing applications and where to download.
http://www.novell.com/coolsolutions/tools/1402.html --- The Program Killer
is a Delphi 6 program that monitors the Process List on Windows 95/98/Me and
Windows NT4/2000/XP for unauthorized EXE files (User Definable) and if
found, those Processes are Terminated via the Windows API. --
Intellectual "Property" in the Digital Age --
Firewall: Hardware or Software Combination Best
ingress & egress filtering action of firewalls is for this type of purpose.
Depending on your firewall you may not have the degree of configuration that
this would require.
It is hard to play Cat N Mouse with the Pied Piper tunes.
Block the servers, that the client queries. [no data from ; no data
block the ports used for communication between the client & server
configure a software firewall to disallow the applications. [on the client
Check the pages FAQ for the ports in use.
most firewall vendors have the desired setting to allow or deny those ports.
Snort is good to monitor, scripts can be added to automatically perform
desired actions depending on data collected. SOMEONE must periodically
steve at Byte Busters dot ca
Saint John, NB,
----- Original Message -----
From: Jason Bethune
To: full-disclosure at lists.netsys.com
Sent: Monday, September 15, 2003 2:06 PM
Subject: RE: [Full-Disclosure] Blocking Music Sharing.
Snort is one tool used by a lot of IT guys to block file sharing programs.
The trouble with these programs is that they have built in port "movers"
that will scan the local network to find an available port to work on.
Scripting is one way to do it....but that mostly just alerts you to the fact
that there is traffic being used on your network for file sharing. I would
like to know an exact way to block file sharing as well...
Town of Kentville
354 Main Street
From: full-disclosure-admin at lists.netsys.com
[mailto:full-disclosure-admin at lists.netsys.com] On Behalf Of Johnson, Mark
Sent: Monday, September 15, 2003 1:37 PM
To: full-disclosure at lists.netsys.com
Subject: [Full-Disclosure] Blocking Music Sharing.
Due to the legal issues, I am trying to block access to sites like Kazaa and
Limewire in the office. If I am not mistaken, these networks can use
different ports each time, so there is no way to block it at the firewall.
Is this right? And if so, what is the best way to block access to these
types of sites?
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.518 / Virus Database: 316 - Release Date: 9/12/2003
Full-Disclosure is hosted and sponsored by Secunia.
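
Added illustration, not part of any message in this thread: a small Python model of the default-deny policy from the first reply, showing why an allow list handles clients that change ports while traffic sent over the permitted web port still needs monitoring. The addresses, the non-allowed ports and the flow labels are constructed sample data, and `decide` and `audit` are hypothetical helper names.

```python
from dataclasses import dataclass

# Outbound services named in the reply: web 80, DNS 53, POP3 110, SMTP 25.
ALLOWED_EGRESS = {("tcp", 80), ("udp", 53), ("tcp", 53), ("tcp", 110), ("tcp", 25)}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    outbound: bool  # True when a station inside the office initiated it
    label: str      # constructed description; the firewall never sees this

def decide(flow: Flow) -> str:
    """Default deny: connections initiated from the net are always dropped;
    outbound ones pass only if (proto, dport) is on the allow list."""
    if not flow.outbound:
        return "DENY"
    return "ALLOW" if (flow.proto, flow.dport) in ALLOWED_EGRESS else "DENY"

def audit(flows):
    """Return (decision, flow) pairs, plus the allowed port-80 flows that
    a port filter cannot tell apart and that monitoring has to cover."""
    decisions = [(decide(f), f) for f in flows]
    inspect = [f for d, f in decisions if d == "ALLOW" and f.dport == 80]
    return decisions, inspect

# Constructed sample flows (documentation address ranges).
SAMPLE_FLOWS = [
    Flow("10.0.0.21", "203.0.113.10", "tcp", 80, True, "web browsing"),
    Flow("10.0.0.5", "203.0.113.53", "udp", 53, True, "DNS lookup"),
    Flow("10.0.0.21", "198.51.100.7", "tcp", 3531, True, "file sharing"),
    Flow("10.0.0.21", "198.51.100.7", "tcp", 41873, True, "file sharing, new port"),
    Flow("10.0.0.21", "198.51.100.7", "tcp", 80, True, "file sharing over port 80"),
    Flow("192.0.2.55", "10.0.0.21", "tcp", 41873, False, "peer connecting in"),
]

if __name__ == "__main__":
    decisions, inspect = audit(SAMPLE_FLOWS)
    for verdict, f in decisions:
        print(f"{verdict:5} {f.src} -> {f.dst} {f.proto}/{f.dport}  ({f.label})")
    print("allowed but needs monitoring:", [f.label for f in inspect])
```
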