[K12OSN] OT: Stopping P2P sharing

Mel Wade mel at melwade.com
Fri Apr 20 16:52:13 UTC 2007


Thanks.  I'll look into this...  Googling away...   It seems there are a
number of competitors out there.  That's good news as well.  I love choices
and competition!

On 4/20/07, EJBoshinski <mistrz.linux at yahoo.com> wrote:
>
> Essentially this is exactly what a NAC appliance can do for you.  I
> haven't worked on the equipment for over a year, but from what I have seen
> in the tech rags lately is that they have evolved quite a bit.  I worked on
> a product called Clean Access from Cisco, and one of the scenarios that they
> had was to install a small authentication module on each end device.  When a
> user would attempt to access the network (via DHCP), the machine would first
> be matched against whatever policies you would dictate.  If it did not pass,
> the machine would be shunted off to a separate VLAN to remediate the machine
> into compliance (service packs, hot fixes, AV patches, etc.) before it would
> be allowed on the "normal" internal subnet.  There are other offerings out
> there now besides Cisco, many based on Linux.  It was quite interesting when
> I first cracked the box to find out that it too was running on Linux -
> Fedora, if I remember correctly....
>
> The "integration into the switches" is accomplished by using VLANs, so
> there is a lot more to setting up your logical network topology than just
> plugging everything together.  But in the end, it is quite effective at
> controlling who and what gets on your internal network.  I suggest that you
> have a google look at NAC, "network admission control" & "network access
> control" for more in-depth information.  Of course, this is all predicated on
> what your resources are to accomplish this end result ;-)
>
> -ejb
>
> ----- Original Message ----
> From: Mel Wade <mel at melwade.com>
> To: Support list for open source software in schools. <k12osn at redhat.com>
> Sent: Friday, April 20, 2007 10:02:37 AM
> Subject: Re: [K12OSN] OT: Stopping P2P sharing
>
> This is what I was thinking.  I can effectively block P2P from the outside
> by blocking ports.  The real problem is getting a handle on the large amount
> of file sharing going on within the network.  I would really like to have
> something that would require monitoring software be in place in order to
> have access to the network.  I'm guessing this would have to integrate into
> the switches themselves.
>
> Mel
>
> On 4/20/07, EJBoshinski <mistrz.linux at yahoo.com> wrote:
> >
> > Depending on the physical topology of your network, without a complete
> > network admission compliance policy it may be nearly impossible to
> > implement.  Firewalls typically sit at the network edge and do not mediate
> > internal traffic, thus anything on your local subnet will pass unabated
> > unless a firewall is placed at each congregation point (ie - read switch -
> > however even this is incomplete as any traffic internal to the switch will
> > not encounter the firewall).  The only complete solution is to have NAC in
> > place that stipulates rulesets that must be met before access is granted to
> > the network.  This is where you can enforce your network policies.  If you
> > don't meet our standards, you don't get on....  I did some work on this
> > about a year ago with a MAJOR network gear manufacturer's first step into
> > this market - suffice it to say that the solution at that time was
> > incomplete and convoluted.  However in the interim I believe that the
> > technology has improved sufficiently to be able to achieve your desired
> > results.  The major hurdle is to get the 'powers that be' to buy into the
> > project and the underlying policies of network access control....
> >
> > HTH,
> >
> > -ejb
> >
> > ----- Original Message ----
> > From: Mel Wade <mel at melwade.com>
> > To: Support list for open source software in schools. <k12osn at redhat.com>
> > Sent: Friday, April 20, 2007 7:55:47 AM
> > Subject: [K12OSN] OT: Stopping P2P sharing
> >
> > We are looking for a solution to stop file sharing on student owned
> > computers on our network.  Anyone have a solution?
> >
> > --
> > Mel Wade
> > "The real problem is not whether machines think but whether men do." -
> > BF Skinner
> > http://www.melwade.com
> > _______________________________________________
> > K12OSN mailing list
> > K12OSN at redhat.com
> > https://www.redhat.com/mailman/listinfo/k12osn
> > For more info see <http://www.k12os.org>
> >
>
>
>
> --
> Mel Wade
> "The real problem is not whether machines think but whether men do." - BF
> Skinner
> http://www.melwade.com
>



-- 
Mel Wade
"The real problem is not whether machines think but whether men do." - BF
Skinner
http://www.melwade.com