Kazaa and Firewalls
#1
Scooby Regular
Thread Starter
Join Date: Oct 2002
Location: London
Posts: 613
I want to stop our users from accessing Kazaa from their desktops using our Check Point firewall. I have the IP range that kazaa.com uses. Does that client software connect to those IPs before people can access files from other computers around the world? Should blocking those IPs be sufficient enough?
#5
Scooby Regular
You can also block ports 1214 (default for Kazaa) and 6346 (default for Bearshare).
Or do like I do and just block everything, then open up what access is needed.
That way it doesn't look like you're directly targeting them.
If it's only one or two people, then I'd just have a quiet word in their shell-like.
Stefan
#6
Scooby Regular
Charlie_Boy,
If it's offensive (as in pornographic), then you need to be very careful.
We had one person in our office do this and they were caught by a Manager. She didn't confront him then and there, but asked me to check our Proxy/Firewall logs for evidence.
He was dismissed a week later.
Obviously, if the Management are aware and have just told you to stop it, then follow the advice so far. If they aren't aware, then either have a word with them or report it directly to the management.
Stefan
#7
Scooby Regular
Thread Starter
Well this guy got let off this time, but it wasn't nice to look at, plus we are finding network disk space getting consumed heavily and there is always the possibility of having the network breached.
#8
Scooby Regular
Join Date: Sep 2002
Location: The biosphere
Posts: 7,824
I got so fed up with these sorts of problems being chucked back at my IT dept. I stood up in front of our board and told them that as we had an acceptable use policy for IT, then it is up to the line managers to make sure their workforce respect that policy, like any other policy. All employees sign the AUP and understand that breaching it is a disciplinary offence.
Of course we have all normal security precautions enabled such as removing unnecessary ports - but a lot of services have started using port 80 and such like so that their users can access from behind corporate firewalls.
You can only do so much to stop misuse of IT before it becomes so restricted that it starts to lose usefulness, therefore put the problem back into the hands of the managers who are supposed to be responsible for what their people do.
I mean, just because it is IT related doesn't make it any different from them wandering down to the corner shop to buy porno mags on company time does it!
#10
Downloading **** on company links is a disciplinary, and mostly prosecutable offense. Tell the users that the next guy caught using kazaa for **** or snuff movies (or whatever) will be reported to the police and summarily dismissed.
That'll put the fear of admin into 'em
#11
Scooby Regular
Join Date: May 2000
Location: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Posts: 10,371
Also bear in mind that KaZaA (like many of these types of programs) has dynamic port ranges - so if the user has a little know-how, they could change the ports used. And also bear in mind that there is an add-on to KaZaA that lets it use TCP port 80 - so it appears to be normal html traffic (similar to the AOL IM client that can use port 80).
There are a number of things to consider:
Check and update (if necessary) your usage policy. As has already been mentioned, the downloading of offensive or illegal (i.e. copyrighted music etc) material may render your company liable - if you are not seen to be taking appropriate steps to stop this, then you are in a lot of trouble. Make sure your staff are aware of this - maybe do a training session on IT security for your staff to make them aware.
You MUST get support from the board or senior management. They need to understand how serious this is. These people are compromising your company and they will be liable.
Consider an intrusion detection system. As you are finding out, firewalls are not the be-all and end-all of network security. Have a look at Ubizen for some good info.
Consider installing something like Packeteer to look at how much bandwidth is being used by this and similar apps - if nothing else, this will get your Board's attention as it will be costing them money.
Do a Google search on 'rogue protocols' to get lots of juicy information on why you shouldn't allow people to run these kinds of applications (include KaZaA lite, eDonkey and any number of similar programs).
Good luck!
Chris (Security consultant for Equant - if that was chargeable it would have cost you $1000 )
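The replies in post #5 (block ports 1214 and 6346, or block everything and open only what is needed) and post #11 (ports can be changed or moved to port 80, so measure bandwidth as well) can be compared side by side. The following is an added example, not code from any poster in the thread and not Check Point policy syntax; the flows, host addresses, allowed-port list and byte threshold are all constructed assumptions.

```python
# Added example: constructed flows and rule sets, not a real firewall policy.
from collections import defaultdict

P2P_DEFAULT_PORTS = {1214: "Kazaa", 6346: "Bearshare"}  # ports named in the thread
ALLOWED_OUT = {25, 53, 80, 443}                         # assumed business needs

# (source host, destination port, bytes transferred) - constructed sample data
FLOWS = [
    ("10.0.0.11", 1214, 48_000_000),   # client on its default port
    ("10.0.0.12", 3531, 95_000_000),   # client moved to a non-default port
    ("10.0.0.13", 80, 120_000_000),    # client using the port-80 add-on
    ("10.0.0.14", 80, 2_000_000),      # ordinary web browsing
    ("10.0.0.14", 443, 1_500_000),
]

def denylist_policy(port):
    """Drop only the known P2P default ports; accept everything else."""
    return "drop" if port in P2P_DEFAULT_PORTS else "accept"

def default_deny_policy(port):
    """Block everything, then open only what is needed."""
    return "accept" if port in ALLOWED_OUT else "drop"

def passed(policy):
    """Source hosts that get at least one flow through the policy."""
    return {src for src, port, _ in FLOWS if policy(port) == "accept"}

def heavy_talkers(policy, threshold=50_000_000):
    """Hosts whose accepted traffic exceeds threshold bytes.

    This is the view a bandwidth monitor gives: it does not depend on
    the port number, so it still surfaces traffic hidden on port 80.
    """
    totals = defaultdict(int)
    for src, port, size in FLOWS:
        if policy(port) == "accept":
            totals[src] += size
    return sorted(host for host, total in totals.items() if total > threshold)

if __name__ == "__main__":
    for policy in (denylist_policy, default_deny_policy):
        print(policy.__name__, "passes:", sorted(passed(policy)))
        print(policy.__name__, "heavy talkers:", heavy_talkers(policy))
```

Under default deny only the port-80 host still gets through, and the per-host byte totals are what single it out from ordinary browsing.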