[K12OSN] OT: Stopping P2P sharing

Rob Owens rowens at ptd.net
Sat Apr 21 00:38:55 UTC 2007


How about simply running a cron job that deletes all *.mpg, *.wmv, etc.,
or deletes all files above a certain filesize, or some combination of
both?  Then there will be nothing to share.

-Rob

On Fri, Apr 20, 2007 at 04:33:26PM -0700, Mel Wade wrote:
> We have movies, music, etc being shared across the network.
> 
> I found this product but it starts at about $22k with discount and runs up
> to about $100k for our application.
> http://tinyurl.com/2cqt6y
> 
> Great product but too much money.  I wish there was an open source solution
> for NAC.
> 
> On 4/20/07, Steven Santos <steven at simplycircus.com> wrote:
> >
> >I have read a lot of what I would call heavy handed technical approaches to
> >this.  What I still don't understand is exactly what kind of file sharing
> >you are trying to prevent, and why.
> >
> >
> >
> >  _____
> >
> >Steven Santos
> >Director, Simply Circus, Inc.
> >Email: Steven at SimplyCircus.com
> >Mail: 14 Pierrepont Road
> >       Newton, MA 02462
> >Phone: 617-527-0667
> >  Web: www.SimplyCircus.com <http://www.SimplyCircus.com>
> >
> >
> >
> >> -----Original Message-----
> >> From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com]On
> >> Behalf Of John Lucas
> >> Sent: Friday, April 20, 2007 6:12 PM
> >> To: k12osn at redhat.com
> >> Subject: Re: [K12OSN] OT: Stopping P2P sharing
> >>
> >>
> >> On Friday 20 April 2007 10:02, Mel Wade wrote:
> >> > This is what I was thinking.  I can effectively block P2P from the
> >> > outside by blocking ports.  The real problem is getting a handle on the
> >> > large amount of file sharing going on within the network.  I would
> >> > really like to have something that would require monitoring software be
> >> > in place in order to have access to the network.  I'm guessing this
> >> > would have to integrate into the switches themselves.
> >> >
> >>
> >> There are several technical approaches that come to mind, but they may
> >> create more problems than they solve. In order for your users to exchange
> >> content then they need to be allowed on the net, so you need to either
> >> prevent them from connecting altogether, or you need to be able to allow
> >> access only to authenticated users and be able to monitor them.
> >>
> >> The first case can be accomplished by "locking down" each switch port by
> >> MAC address (for school computers) and disabling open ports (to prevent
> >> student computers from being able to connect). This will reduce the
> >> usability of the net (student computers can't use the net) and adds to
> >> the operational difficulty of moves, adds and changes. It also assumes
> >> that your switches are "managed" instead of "dumb".
> >>
> >> The second case assumes that you have an effective acceptable use policy
> >> that clearly identifies what may and may not take place on the network
> >> and enforcing any violation. Many managed switches can be set up to
> >> require IEEE 802.1X authentication against a RADIUS server and can
> >> perform accounting so you know what user is using which port at what
> >> times. Many switches also allow any port to be mirrored to a "monitor
> >> port" to which you can attach a protocol analyzer (allowing you to spot
> >> the "illegal" traffic). This requires active monitoring and enforcement
> >> and may not be a good use of your time. If you invested in expensive
> >> Layer 3 switches, it might be possible to prevent inter-subnet P2P
> >> traffic (in a manner similar to that suggested for the perimeter
> >> firewall above), but you would still be faced with intra-segment
> >> sharing.
> >>
> >> Wifi can be implemented using the same IEEE 802.1X authentication and
> >> accounting as managed switches.
> >>
> >> Once the perimeter is controlled (at the firewall) the other measures
> >> provide diminishing returns due to the personnel time required for
> >> monitoring and enforcement. I can't emphasize enough the vital
> >> importance of a clear and enforceable Acceptable Use Policy, without
> >> that being understood by all parties, you won't be able to enforce
> >> anything. Not all solutions are technical.
> >>
> >> I don't think there is a "silver bullet" to technically solve this
> >> problem. If ever there is, I predict it will be expensive.
> >>
> >> > Mel
> >> >
> >> > On 4/20/07, EJBoshinski <mistrz.linux at yahoo.com> wrote:
> >> > > Depending on the physical topology of your network, without a complete
> >> > > network admission compliance policy it may be nearly impossible to
> >> > > implement.  Firewalls typically sit at the network edge and do not
> >> > > mediate internal traffic, thus anything on your local subnet will pass
> >> > > unabated unless a firewall is placed at each congregation point (i.e. -
> >> > > read switch - however even this is incomplete as any traffic internal
> >> > > to the switch will not encounter the firewall).  The only complete
> >> > > solution is to have NAC in place that stipulates rulesets that must be
> >> > > met before access is granted to the network.  This is where you can
> >> > > enforce your network policies.  If you don't meet our standards, you
> >> > > don't get on....  I did some work on this about a year ago with a
> >> > > MAJOR network gear manufacturer's first step into this market -
> >> > > suffice it to say that the solution at that time was incomplete and
> >> > > convoluted.  However in the interim I believe that the technology has
> >> > > improved sufficiently to be able to achieve your desired results.  The
> >> > > major hurdle is to get the 'powers that be' to buy into the project
> >> > > and the underlying policies of network access control....
> >> > >
> >> > > HTH,
> >> > >
> >> > > -ejb
> >> > >
> >> > > ----- Original Message ----
> >> > > From: Mel Wade <mel at melwade.com>
> >> > > To: Support list for open source software in schools. <k12osn at redhat.com>
> >> > > Sent: Friday, April 20, 2007 7:55:47 AM
> >> > > Subject: [K12OSN] OT: Stopping P2P sharing
> >> > >
> >> > > We are looking for a solution to stop file sharing on student owned
> >> > > computers on our network.  Anyone have a solution?
> >> > >
> >> > > --
> >> > > Mel Wade
> >> > > "The real problem is not whether machines think but whether men do."
> >> > > - BF Skinner
> >> > > http://www.melwade.com
> >> > > _______________________________________________
> >> > > K12OSN mailing list
> >> > > K12OSN at redhat.com
> >> > > https://www.redhat.com/mailman/listinfo/k12osn
> >> > > For more info see <http://www.k12os.org>
> >> > >
> >> > >
> >>
> >> --
> >>         "History doesn't repeat itself; at best it rhymes."
> >>                         - Mark Twain
> >>
> >> | John Lucas                  MrJohnLucas at gmail.com               |
> >> | St. Thomas, VI 00802        http://mrjohnlucas.googlepages.com/ |
> >> | 18.3°N, 65°W                AST (UTC-4)                         |
> >
> 
> 
> 
> -- 
> Mel Wade
> "The real problem is not whether machines think but whether men do." - BF
> Skinner
> http://www.melwade.com

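The 802.1X/RADIUS accounting point quoted in the thread above ("you know what user is using which port at what times"), as an added example that is not part of the original messages: Python that pairs accounting Start/Stop records into sessions and answers "who was authenticated on this switch port at this time". It assumes the accounting records are stored in the FreeRADIUS "detail" file layout; the sample records, user names, switch address and function names are constructed for illustration.

```python
import re
from datetime import datetime

FMT = "%a %b %d %H:%M:%S %Y"   # timestamp line that opens each record

def _rec(ts, user, port, status, sid):
    # Build one constructed record in FreeRADIUS "detail" file layout.
    return (f'{ts}\n\tUser-Name = "{user}"\n\tNAS-IP-Address = 10.0.5.2\n'
            f'\tNAS-Port = {port}\n\tAcct-Status-Type = {status}\n'
            f'\tAcct-Session-Id = "{sid}"\n\n')

# Constructed sample data: users, switch address and session ids are invented.
SAMPLE = (_rec("Fri Apr 20 09:58:03 2007", "student17", 14, "Start", "A1")
          + _rec("Fri Apr 20 10:05:40 2007", "teacher03", 15, "Start", "A2")
          + _rec("Fri Apr 20 10:41:12 2007", "student17", 14, "Stop", "A1")
          + _rec("Fri Apr 20 10:45:00 2007", "student22", 14, "Start", "A3"))

def parse_detail(text):
    """Yield (timestamp, attrs) for each blank-line-separated record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        attrs = dict(re.match(r'\s*([\w-]+) = "?([^"]*)"?$', l).groups()
                     for l in lines[1:])
        yield datetime.strptime(lines[0].strip(), FMT), attrs

def build_sessions(text):
    """Pair Start/Stop records by Acct-Session-Id into login intervals."""
    sessions = {}
    for ts, a in parse_detail(text):
        key = (a["NAS-IP-Address"], a["Acct-Session-Id"])
        if a["Acct-Status-Type"] == "Start":
            sessions[key] = {"user": a["User-Name"], "nas": a["NAS-IP-Address"],
                             "port": a["NAS-Port"], "start": ts, "stop": None}
        elif a["Acct-Status-Type"] == "Stop" and key in sessions:
            sessions[key]["stop"] = ts
    return list(sessions.values())

def who_was_on(sessions, nas, port, when):
    """Return users authenticated on a switch port at a given time.
    A session with no Stop record is treated as still open."""
    return [s["user"] for s in sessions
            if s["nas"] == nas and s["port"] == str(port)
            and s["start"] <= when and (s["stop"] is None or when < s["stop"])]
```

Given a timestamp and port taken from a protocol-analyzer capture on the mirror port, `who_was_on(build_sessions(SAMPLE), "10.0.5.2", 14, datetime(2007, 4, 20, 10, 30))` names the account to follow up with under the acceptable use policy.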