<html><head><style type="text/css"></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">Essentially this is exactly what a NAC appliance can do for you. I haven't worked on the equipment for over a year, but from what I have seen in the tech rags lately is that they have evolved quite a bit. I worked on a product called Clean Access from Cisco, and one of the scenarios that they had was to install a small authentication module on each end device. When a user would attempt to access the network (via DHCP), the machine would first be matched against whatever policies you would dictate. If it did not pass, the machine would be shunted off to a separate VLAN to remediate the machine into compliance (service packs, hot fixes, AV patches, etc.) before it would allowed on the "normal" internal subnet. There are other offerings out there now besides Cisco, many based on Linux. It was quiet interesting when I first cracked the box to find out that it too was running on Linux - Fedora, if I remember correctly....<br><br>The "integration into the switches" is accomplished by using VLANs, so there is a lot more to setting up your logical network topology than just plugging everything together. But in the end, it is quite effective at controlling who and what gets on your internal network. I suggest that you have a google look at NAC, "network admission control" & "network acess control" for more indepth information. Of course, this is all predicated by what your resources are to accomplish this end result ;-)<br><br>-ejb<br><br><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">----- Original Message ----<br>From: Mel Wade <mel@melwade.com><br>To: Support list for open source software in schools. <k12osn@redhat.com><br>Sent: Friday, April 20, 2007 10:02:37 AM<br>Subject: Re: [K12OSN] OT: Stopping P2P sharing<br><br>This is what I was thinking. I can effectively block P2P from the outside by blocking ports. The real problem is getting a handle on the large amount of file sharing going on within the network. I would really like to have something that would require monitoring software be in place in order to have access to the network. I'm guessing this would have to integrate into the switches themselves. <br><br>Mel<br><br><div><span class="gmail_quote">On 4/20/07, <b class="gmail_sendername">EJBoshinski</b> <<a rel="nofollow" target="_blank" href="mailto:mistrz.linux@yahoo.com">mistrz.linux@yahoo.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> <div><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">Depending on the physical topology of your network, without a complete network admission compliance policy it may be nearly impossible to implement. Firewalls typically sit at the network edge and do not mediate internal traffic, thus anything on your local subnet will pass unabated unless a firewall is placed at each congregation point (ie - read switch - however even this is incomlete as any traffic internal to the switch will not encounter the firewall). The only complete solution is to have NAC in place that stipulates rulesets that must be met before access is granted to the network. This is where you can enforce your network policies. If you don't meet our standards, you don't get on.... I did some work on this about a year ago with a MAJOR network gear manufacturer's first step into this market - suffice it to say that the solution at that time was incomplete and convoluted. However in the interim I believe that the technology has improved sufficiently to be able to achieve your desired results. The major hurdle is to get the 'powers that be' to buy into the project and the underlying policies of network access control.... <br><br>HTH,<br><br>-ejb<span class="q"><br><br><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">----- Original Message ----<br>From: Mel Wade <<a rel="nofollow" target="_blank" href="mailto:mel@melwade.com"> mel@melwade.com</a>><br>To: Support list for open source software in schools. <<a rel="nofollow" target="_blank" href="mailto:k12osn@redhat.com">k12osn@redhat.com</a>><br>Sent: Friday, April 20, 2007 7:55:47 AM <br>Subject: [K12OSN] OT: Stopping P2P sharing<br><br>We are looking for a solution to stop file sharing on student owned computers on our network. Anyone have a solution?<br clear="all"><br>-- <br>Mel Wade<br>"The real problem is not whether machines think but whether men do." - BF Skinner <br><a rel="nofollow" target="_blank" href="http://www.melwade.com">http://www.melwade.com</a> <div>_______________________________________________<br>K12OSN mailing list<br><a rel="nofollow" target="_blank" href="mailto:K12OSN@redhat.com">K12OSN@redhat.com</a><br><a rel="nofollow" target="_blank" href="https://www.redhat.com/mailman/listinfo/k12osn"> https://www.redhat.com/mailman/listinfo/k12osn</a><br>For more info see <<a rel="nofollow" target="_blank" href="http://www.k12os.org">http://www.k12os.org</a>></div></div><br> </span></div></div><span class="ad"><br> <hr size="1">Ahhh...imagining that irresistible "new car" smell?<br> Check out <a rel="nofollow" target="_blank" href="http://us.rd.yahoo.com/evt=48245/*http://autos.yahoo.com/new_cars.html;_ylc=X3oDMTE1YW1jcXJ2BF9TAzk3MTA3MDc2BHNlYwNtYWlsdGFncwRzbGsDbmV3LWNhcnM-"> new cars at Yahoo! Autos.</a> </span></div><br>_______________________________________________<br>K12OSN mailing list<br><a rel="nofollow" target="_blank" href="mailto:K12OSN@redhat.com">K12OSN@redhat.com</a><br><a rel="nofollow" target="_blank" href="https://www.redhat.com/mailman/listinfo/k12osn"> https://www.redhat.com/mailman/listinfo/k12osn</a><br>For more info see <<a rel="nofollow" target="_blank" href="http://www.k12os.org">http://www.k12os.org</a>><br></blockquote> </div><br><br clear="all"><br>-- <br>Mel Wade<br>"The real problem is not whether machines think but whether men do." - BF Skinner<br><a rel="nofollow" target="_blank" href="http://www.melwade.com">http://www.melwade.com</a> <div>_______________________________________________<br>K12OSN mailing list<br>K12OSN@redhat.com<br><a target="_blank" href="https://www.redhat.com/mailman/listinfo/k12osn">https://www.redhat.com/mailman/listinfo/k12osn</a><br>For more info see <<a target="_blank" href="http://www.k12os.org">http://www.k12os.org</a>></div></div><br></div></div><br> <hr size=1>Ahhh...imagining that irresistible "new car" smell?<br> Check out <a href="http://us.rd.yahoo.com/evt=48245/*http://autos.yahoo.com/new_cars.html;_ylc=X3oDMTE1YW1jcXJ2BF9TAzk3MTA3MDc2BHNlYwNtYWlsdGFncwRzbGsDbmV3LWNhcnM-">new cars at Yahoo! Autos.</a> </body></html>