Proxy Server/Web Monitoring 1

[SpiderManiac]

Hi,
I'm looking for a way to block downloading and file sharing for some of our employees. I believe the program being used is a p2p program called filetopia. Now, everyone needs to go through the proxy to get out, but I'm not sure if there's a good way to block a p2p using MS Proxy. Our bandwidth is suffering quite a bit, and if we go around and delete the app, they'll just reload it...<sigh>... Any ideas? Also, if anyone can help me understand p2p's a little more, I'd be grateful. From what I've gathered, it seems that a p2p goes to an imparticular IP addy, gathers other IP addys and creates its own network to share files. I guess my best approach would be to find those default IP addys and block those...? Any better ideas out there? Please?

Thanks,
SpiderManiac

 

[brianpaterson]

Does your company employ a firewall or are you using the Proxy to perform this function? Also, do you have a filtering router at the exterior of your network?

The filtering router or firewall can be used to block the specific ports being used by the app.

To find out the port I would suggest using a network sniffer (unless you have a firewall which is the easiest way to check), start it going to record tcp and udp, run the app for a few secs, stop the sniffer.

Look at the packets sent from your IP at this time and you should be able to locate the port in use. Do this a couple of times to make sure it is a static port number as a dynamic one is a real pain to block (almost impossible without a decent firewall actually).

At the end of the day using Proxy on its own is simply not a robust enough security solution. The exploits for Proxy are endless and you need to patch, very, regularly to maintain a decent defence.

Defence in depth is the way to go:

Filtering router
Firewall
Proxy - with suitable caching enabled

This gives flexibility on content filtering and much improved security. It also helps preserve bandwidth by blocking download junkies.

Hope this helps.

Brian