Yes, and since we are a boarding high school there are safety and legal issues as well as AUP enforcement.<br><br><div><span class="gmail_quote">On 4/20/07, <b class="gmail_sendername">Steven Santos</b> <<a href="mailto:steven@simplycircus.com">
steven@simplycircus.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>
<div><span><font face="Courier New">Is this causing
bandwidth problems for your network?</font></span></div>
<div> </div><font size="2"><font face="Courier New">
</font></font><div>
<hr>
</div><font size="2"><font face="Courier New"><span class="q">
<div>Steven Santos<br>Director, Simply Circus, Inc.<br>Email:
<a href="mailto:Steven@SimplyCircus.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">Steven@SimplyCircus.com</a><br> Mail: 14 Pierrepont
Road<br> Newton, MA 02462<br>Phone:
617-527-0667<br> Web: <a href="http://www.simplycircus.com/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">www.SimplyCircus.com</a> </div>
<div></div></span></font> </font></div>
<blockquote style="border-left: 2px solid rgb(0, 0, 0); padding-left: 5px; margin-left: 5px;">
<div dir="ltr" align="left"><font face="Tahoma" size="2"><span class="q">-----Original Message-----<br><b>From:</b> <a href="mailto:k12osn-bounces@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
k12osn-bounces@redhat.com</a>
[mailto:<a href="mailto:k12osn-bounces@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">k12osn-bounces@redhat.com</a>]<b>On Behalf Of </b>Mel Wade<br><b>Sent:</b>
Friday, April 20, 2007 7:33 PM<br><b>To:</b> Support list for open source
software in schools.<br></span></font><div><span class="e" id="q_112116270e53b9c9_4"><font face="Tahoma" size="2"><b>Subject:</b> Re: [K12OSN] OT: Stopping P2P
sharing<br><br></font></span></div></div><div><span class="e" id="q_112116270e53b9c9_6">We have movies, music, etc being shared across the
network.<br><br>I found this product but it starts at about $22k with discount
and runs up to about $100k for our application.<br><b><a href="http://tinyurl.com/2cqt6y" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://tinyurl.com/2cqt6y
</a><br><br></b>Great product but too much money. I wish there was an
open source solution for NAC.<br><br>
<div><span class="gmail_quote">On 4/20/07, <b class="gmail_sendername">Steven
Santos</b> <<a href="mailto:steven@simplycircus.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
steven@simplycircus.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I
have read a lot of what I would call heavy handed technical aproaches to
this. What I still don't understand is exactly what kind of file
sharing you are trying to prevent, and why.
<br><br><br><br> _____<br><br>Steven Santos<br>Director, Simply
Circus, Inc.<br>Email: <a href="mailto:Steven@SimplyCircus.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">Steven@SimplyCircus.com</a><br>Mail:
14 Pierrepont Road<br> Newton, MA
02462<br>Phone: 617-527-0667 <br> Web: <a href="http://www.SimplyCircus.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">www.SimplyCircus.com</a> <<a href="http://www.SimplyCircus.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://www.SimplyCircus.com</a>><br><br><br><br>>
-----Original Message-----<br>> From: <a href="mailto:k12osn-bounces@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">k12osn-bounces@redhat.com</a>
[mailto:<a href="mailto:k12osn-bounces@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">k12osn-bounces@redhat.com</a>]On<br>>
Behalf Of John Lucas<br>> Sent: Friday, April 20, 2007 6:12 PM<br>>
To: <a href="mailto:k12osn@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">k12osn@redhat.com</a><br>>
Subject: Re: [K12OSN] OT: Stopping P2P sharing<br>><br>><br>> On
Friday 20 April 2007 10:02, Mel Wade wrote:<br>> > This is what I was
thinking. I can effectively block P2P from <br>> the
outside<br>> > by blocking ports. The real problem is
getting a handle on the large<br>> > amount of file sharing going on
within the network. I would<br>> really like to<br>> >
have something that would require monitoring software be in <br>> place
in order<br>> > to have access to the network. I'm guessing
this would have to<br>> integrate<br>> > into the switches
themselves.<br>> ><br>><br>> There are several technical
approaches that come to mind, but <br>> they may create<br>> more
problems than the solve. In order for your users to exchange content<br>>
then they need to be allowed on the net, so you need to either<br>>
prevent them<br>> from connecting altogether, or you need to be able to
allow <br>> access only to<br>> authenticated users access and be able
to monitor them.<br>><br>> The first case can be accomplished by
"locking down" each switch<br>> port by MAC<br>> address (for school
computers) and disabling open ports (to <br>> prevent student<br>>
computers from being able to connect). This will reduce the<br>>
usability of the<br>> net (student computers can't use the net) and adds
to the operational<br>> difficulty of moves adds and changes. It also
assumes that your <br>> switches are<br>> "managed" instead of
"dumb".<br>><br>> The second case assumes that you have an affective
acceptable use<br>> policy that<br>> that clearly identifies what may
and may not take place on the <br>> network and<br>> enforcing any
violation. Many managed switches can be set up to<br>> require
IEEE<br>> 802.1X authentication against a RADIUS server and can
perform<br>> accounting so<br>> you know what user is using which port
at what times. Many switches also <br>> allow any port to be mirrored to
a "monitor port" to which you<br>> can attach a<br>> protocol analyzer
(allowing you to spot the "illegal" traffic).<br>> This requires<br>>
active monitoring and enforcment and may not be a good use of <br>> your
time. If<br>> you invested in expensive Layer 3 switches, it might be
possible<br>> to prevent<br>> inter-subnet P2P traffic (in a manner
similar to that suggested for the<br>> perimeter firwall above), but you
would still be faced with intra-segment <br>> sharing.<br>><br>>
Wifi can be implemented using the same IEEE 802.1X authentication
and<br>> accounting as managed switches.<br>><br>> Once the
perimeter is controlled (at the firewall) the other<br>> measures
provide<br>> diminishing returns due to the personnel time required for
monitoring and<br>> enforcement. I can't emphasize enough the vital
importance of a clear and<br>> enforcable Acceptable Use Policy, without
that being understood by all <br>> parties, you won't be able to enforce
anything. Not all solutions are<br>> technical.<br>><br>> I don't
think there is a "silver bullet" to techincally solve<br>> this problem.
If<br>> ever there is, I predict it will be expensive.<br>><br>>
> Mel<br>> ><br>> > On 4/20/07, EJBoshinski <<a href="mailto:mistrz.linux@yahoo.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">mistrz.linux@yahoo.com</a>>
wrote:<br>> > > Depending on the physical topology of your network,
without a complete <br>> > > network admission compliance policy it
may be nearly impossible to<br>> > >
implement. Firewalls typically sit at the network edge and do
not<br>> > > mediate internal traffic, thus anything on your local
subnet will pass <br>> > > unabated unless a firewall is placed at
each congregation point (ie -<br>> > > read switch - however even
this is incomlete as any traffic<br>> internal to<br>> > > the
switch will not encounter the firewall). The only <br>>
complete solution<br>> > > is to have NAC in place that stipulates
rulesets that must be<br>> met before<br>> > > access is granted
to the network. This is where you can enforce your<br>> >
> network policies. If you don't meet our standards, you don't
<br>> get on....<br>> > > I did some work on this about a year
ago with a MAJOR network gear<br>> > > manufacturer's first step
into this market - suffice it to<br>> say that the<br>> > >
solution at that time was incomplete and convoluted. However in
the <br>> > > interim I believe that the technology has improved
sufficiently to be<br>> > > able to achieve your desired
results. The major hurdle is to get the<br>> > > 'powers
that be' to buy into the project and the underlying <br>> policies
of<br>> > > network access control....<br>> > ><br>>
> > HTH,<br>> > ><br>> > > -ejb<br>> >
><br>> > > ----- Original Message ----<br>> > > From:
Mel Wade < <a href="mailto:mel@melwade.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">mel@melwade.com</a>><br>> > > To:
Support list for open source software in schools.<br>> <<a href="mailto:k12osn@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">k12osn@redhat.com</a>><br>> > >
Sent: Friday, April 20, 2007 7:55:47 AM <br>> > > Subject: [K12OSN]
OT: Stopping P2P sharing<br>> > ><br>> > > We are looking
for a solution to stop file sharing on student owned<br>> > >
computers on our network. Anyone have a solution? <br>> >
><br>> > > --<br>> > > Mel Wade<br>> > > "The
real problem is not whether machines think but whether<br>> men do." -
BF<br>> > > Skinner<br>> > > <a href="http://www.melwade.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.melwade.com</a>
_______________________________________________<br>> > > K12OSN
mailing list<br>> > > <a href="mailto:K12OSN@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">K12OSN@redhat.com</a><br>> > > <a href="https://www.redhat.com/mailman/listinfo/k12osn" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
https://www.redhat.com/mailman/listinfo/k12osn</a><br>>
> > For more info see <<a href="http://www.k12os.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.k12os.org</a>> <br>> >
><br>> > ><br>> > >
------------------------------<br>> > > Ahhh...imagining that
irresistible "new car" smell?<br>> > > Check out new cars at
Yahoo!<br>> > > <br>> Autos.<<a href="http://us.rd.yahoo.com/evt=48245/*http://autos.yahoo.com/new_cars" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://us.rd.yahoo.com/evt=48245/*http://autos.yahoo.com/new_cars
</a>.<br>>
><br>>
>html;_ylc=X3oDMTE1YW1jcXJ2BF9TAzk3MTA3MDc2BHNlYwNtYWlsdGFncwRzbGs
<br>> DbmV3LWNh<br>> > >cnM-><br>> > ><br>> >
> _______________________________________________<br>> > >
K12OSN mailing list<br>> > > <a href="mailto:K12OSN@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">K12OSN@redhat.com </a><br>> > > <a href="https://www.redhat.com/mailman/listinfo/k12osn" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
https://www.redhat.com/mailman/listinfo/k12osn</a><br>>
> > For more info see <<a href="http://www.k12os.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.k12os.org </a>><br>><br>>
--<br>> "History doesn't
repeat itself; at best it
rhymes."<br>>
- Mark Twain<br>><br>> | John
Lucas <a href="mailto:MrJohnLucas@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
MrJohnLucas@gmail.com</a><br>>
|<br>> | St. Thomas, VI 00802<br><a href="http://mrjohnlucas.googlepages.com/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://mrjohnlucas.googlepages.com/</a>
|<br>| 18.3�N,
65�W AST
(UTC-4)
| <br><br>_______________________________________________<br>K12OSN mailing
list<br><a href="mailto:K12OSN@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">K12OSN@redhat.com</a><br><a href="https://www.redhat.com/mailman/listinfo/k12osn" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
https://www.redhat.com/mailman/listinfo/k12osn
</a><br>For more info see <<a href="http://www.k12os.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.k12os.org</a>><br><br><br><br>_______________________________________________
<br>K12OSN
mailing list<br><a href="mailto:K12OSN@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">K12OSN@redhat.com
</a><br><a href="https://www.redhat.com/mailman/listinfo/k12osn" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">https://www.redhat.com/mailman/listinfo/k12osn</a><br>For
more info see <<a href="http://www.k12os.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.k12os.org</a>><br></blockquote></div><br><br clear="all"><br>-- <br>Mel Wade<br>"The real problem is not whether machines
think but whether men do." - BF Skinner<br><a href="http://www.melwade.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.melwade.com</a>
</span></div></blockquote>
<br>_______________________________________________<br>K12OSN mailing list<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:K12OSN@redhat.com">K12OSN@redhat.com</a><br><a onclick="return top.js.OpenExtLink(window,event,this)" href="https://www.redhat.com/mailman/listinfo/k12osn" target="_blank">
https://www.redhat.com/mailman/listinfo/k12osn</a><br>For more info see <<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.k12os.org" target="_blank">http://www.k12os.org</a>><br></blockquote>
</div><br><br clear="all"><br>-- <br>Mel Wade<br>"The real problem is not whether machines think but whether men do." - BF Skinner<br><a href="http://www.melwade.com">http://www.melwade.com</a>