[K12OSN] OT: Stopping P2P sharing

EJBoshinski mistrz.linux at yahoo.com
Fri Apr 20 15:28:12 UTC 2007


Essentially this is exactly what a NAC appliance can do for you.  I haven't worked on the equipment for over a year, but from what I have seen in the tech rags lately, they have evolved quite a bit.  I worked on a product called Clean Access from Cisco, and one of the scenarios that they had was to install a small authentication module on each end device.  When a user would attempt to access the network (via DHCP), the machine would first be matched against whatever policies you would dictate.  If it did not pass, the machine would be shunted off to a separate VLAN to remediate the machine into compliance (service packs, hot fixes, AV patches, etc.) before it would be allowed on the "normal" internal subnet.  There are other offerings out there now besides Cisco, many based on Linux.  It was quite interesting when I first cracked the box to find out that it too was running on Linux - Fedora, if I remember correctly....

The "integration into the switches" is accomplished by using VLANs, so there is a lot more to setting up your logical network topology than just plugging everything together.  But in the end, it is quite effective at controlling who and what gets on your internal network.  I suggest that you have a google look at NAC, "network admission control" & "network access control" for more in-depth information.  Of course, this is all predicated by what your resources are to accomplish this end result ;-)

-ejb

----- Original Message ----
From: Mel Wade <mel at melwade.com>
To: Support list for open source software in schools. <k12osn at redhat.com>
Sent: Friday, April 20, 2007 10:02:37 AM
Subject: Re: [K12OSN] OT: Stopping P2P sharing

This is what I was thinking.  I can effectively block P2P from the outside by blocking ports.  The real problem is getting a handle on the large amount of file sharing going on within the network.  I would really like to have something that would require monitoring software be in place in order to have access to the network.  I'm guessing this would have to integrate into the switches themselves.


Mel

On 4/20/07, EJBoshinski <mistrz.linux at yahoo.com> wrote:
Depending on the physical topology of your network, without a complete network admission compliance policy it may be nearly impossible to implement.  Firewalls typically sit at the network edge and do not mediate internal traffic, thus anything on your local subnet will pass unabated unless a firewall is placed at each congregation point (i.e. - read switch - however even this is incomplete as any traffic internal to the switch will not encounter the firewall).  The only complete solution is to have NAC in place that stipulates rulesets that must be met before access is granted to the network.  This is where you can enforce your network policies.  If you don't meet our standards, you don't get on....  I did some work on this about a year ago with a MAJOR network gear manufacturer's first step into this market - suffice it to say that the solution at that time was incomplete and convoluted.  However in the interim I believe that the technology has improved sufficiently to be able to achieve your desired results.  The major hurdle is to get the 'powers that be' to buy into the project and the underlying policies of network access control....


HTH,

-ejb

----- Original Message ----
From: Mel Wade <mel at melwade.com>
To: Support list for open source software in schools. <k12osn at redhat.com>
Sent: Friday, April 20, 2007 7:55:47 AM
Subject: [K12OSN] OT: Stopping P2P sharing

We are looking for a solution to stop file sharing on student owned computers on our network.  Anyone have a solution?

-- 
Mel Wade
"The real problem is not whether machines think but whether men do." - BF Skinner

http://www.melwade.com
_______________________________________________
K12OSN mailing list
K12OSN at redhat.com

https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>







