Re: [Full-Disclosure] Blocking Music Sharing.

• Previous message: christopher neitzert: "[Full-Disclosure] new ssh exploit?"
• In reply to: Jason Bethune: "RE: [Full-Disclosure] Blocking Music Sharing."
• Next in thread: Dimitri Limanovski: "Re: [Full-Disclosure] Blocking Music Sharing."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <full-disclosure@lists.netsys.com>
Date: Mon, 15 Sep 2003 16:06:19 -0300

MessageMark , Jason
POLICIES, to be allowed to monitor; and then block;.disallowed network
Activities
POLICIES to Disallow File/music sharing
       LAYERED SECURITY, Default DENY
Policies so admin can do admin stuff :-) CYA
Then Applications allowed on PC/Mac, and Network.
leads to protocols allowed., disallowed,
priority for that computer's business purposes. and

Now how about incoming access?
Should the net be able to connect to your PCs on any port whatsoever?
Should the net be able to innitiate a connectoin? DENY incoming
Can your stations connect OUT to any port? or just
web 80, DNS 53, mail pop110 smtp25, real-video, quicktime, windows media
player,
How do you determine LEGETIMATE Uses??

  DEFAULT DENY,.....DEFAULT DENY .LAYERED SECURITY
Any connection allowed out by your firewall will probably let the return
request through,
so click a link you've bought the farm [under 10 inches of Florida swamp]
:-)
do your Computers allow ports to be open wide to the net?
HTTP will allow alot to be tunnelled - beware

Users will attempt to sidestep any walls you put up,
have managements approval and understanding of ALL implications;
Legal , Financial, Managerial , Wasted Resources,

NTOP,
bandwitdh station net usage protocols used. traffic downloaded/uploaded.
Throughput
stations/net addresses actively in use
SNORT
intrusion & usage & network monitoring
Program Killer- do not allow unauthorized programs to run,
verify whether it's possible to bypass by changing name of application?

Firewall, hardware, [consumer] higher end will do better of course
Consumer may not have a lot of entries available in memory
D-Link and others [consumer] has a limit of about 15 rules pick & choose
3Com office Connect also has list length limits; so beware....
Firewall Software
Allow certain applications to juse network resources
password protect configurations
Symantec client security, personal firewall
limits on DATED - DNS entries -- for example if DNS changes blocked IP
doesn't
ZoneAlarm and many others

Filesharing applications and where to download.
http://www.google.ca/search?q=cache:smfwrh9iAUMJ:www.karalahana.com/guide/file%2520share.htm+block+kazaa+limewire+grokster&hl=en&ie=UTF-8

http://www.novell.com/coolsolutions/tools/1402.html --- The Program Killer
is a Delphi 6 program that monitors the Process List on Windows 95/98/Me and
Windows NT4/2000/XP for unauthorized EXE files (User Definable) and if
found, those Processes are Terminated via the Windows API. --
http://www.google.ca/search?q=cache:yesf6WYcC_IJ:kb.state.ar.us/sysadmin/kb/docs/1044054966:7900.html+block+kazaa+limewire+grokster&hl=en&ie=UTF-8

Intellectual "Property" in the Digital Age --
http://www.google.ca/search?q=cache:02-w85Sk-McJ:msl1.mit.edu/ESD10/sslinks/links.php%3Fcat%3D51+block+kazaa+limewire+grokster&hl=en&ie=UTF-8

Firewall: Hardware or Software Combination Best
ingress & egress filtering action of firewalls is for.this type of purpose.
Depending on your firewall you may not have the degree of configuration that
this would require.
It is hard to play Cat N Mouse with the Pied Piper tunes.

Block the servers, that the client queries. [no data from ; no data
   ]:-)
 block the ports used for communication between the client & server
666,7777,8888 etc
configure a software firewall to disallow the applications. [on the client
PC]
Check the pages FAQ for the ports in use.
most firewall vendors have the desired setting to allow or deny those ports.

Snort is good to monitor, scripts can be added to automativcally performed
desired actions depending on data collected. SOME ONE must periodically
verify

smenard
steve at Byte Busters dot ca

Saint John, NB,
Canada,

----- Original Message -----
From: Jason Bethune
To: full-disclosure@lists.netsys.com
Sent: Monday, September 15, 2003 2:06 PM
Subject: RE: [Full-Disclosure] Blocking Music Sharing.

Snort is one tool used by alot of IT guys to block file sharing programs.
THe trouble with these programs is that they have built in port "movers"
that will scan the local network to find an available port to work on.
Scripting is one way to do it....but that mostly just alerts you to the fact
that there is traffice being used on your network for file sharing. I would
like to know an exact way to block file sharing as well...

Jason Bethune

IT Specialist
Town of Kentville
354 Main Street
Kentville, NS
B4N 1K6

www.town.kentville.ns.ca

From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Johnson, Mark
Sent: Monday, September 15, 2003 1:37 PM
To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] Blocking Music Sharing.

Due to the legal issues, I am trying to block access to sites like Kazaa and
Limewire in the office. If I am not mistaken, these networks can use
different ports each time, so there is no way to block it at the firewall.
Is this right? And if so, what is the best way to block access to these
types of sites?

Many thanks,
Mark J.

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.518 / Virus Database: 316 - Release Date: 9/12/2003
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: christopher neitzert: "[Full-Disclosure] new ssh exploit?"
• In reply to: Jason Bethune: "RE: [Full-Disclosure] Blocking Music Sharing."
• Next in thread: Dimitri Limanovski: "Re: [Full-Disclosure] Blocking Music Sharing."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]