
Re: [K12OSN] OT: Stopping P2P sharing



Yes, and since we are a boarding high school there are safety and legal issues as well as AUP enforcement.

On 4/20/07, Steven Santos < steven simplycircus com> wrote:
Is this causing bandwidth problems for your network?
 

Steven Santos
Director, Simply Circus, Inc.
Email: Steven SimplyCircus com
 Mail: 14 Pierrepont Road
       Newton, MA 02462
Phone: 617-527-0667
  Web: www.SimplyCircus.com
 
-----Original Message-----
From: k12osn-bounces redhat com [mailto:k12osn-bounces redhat com]On Behalf Of Mel Wade
Sent: Friday, April 20, 2007 7:33 PM
To: Support list for open source software in schools.
Subject: Re: [K12OSN] OT: Stopping P2P sharing

We have movies, music, etc being shared across the network.

I found this product but it starts at about $22k with discount and runs up to about $100k for our application.
http://tinyurl.com/2cqt6y

Great product but too much money.  I wish there was an open source solution for NAC.

On 4/20/07, Steven Santos < steven simplycircus com> wrote:
I have read a lot of what I would call heavy-handed technical approaches to this.  What I still don't understand is exactly what kind of file sharing you are trying to prevent, and why.






> -----Original Message-----
> From: k12osn-bounces redhat com [mailto:k12osn-bounces redhat com]On Behalf Of John Lucas
> Sent: Friday, April 20, 2007 6:12 PM
> To: k12osn redhat com
> Subject: Re: [K12OSN] OT: Stopping P2P sharing
>
>
> On Friday 20 April 2007 10:02, Mel Wade wrote:
> > This is what I was thinking.  I can effectively block P2P from the outside
> > by blocking ports.  The real problem is getting a handle on the large
> > amount of file sharing going on within the network.  I would really like to
> > have something that would require monitoring software be in place in order
> > to have access to the network.  I'm guessing this would have to integrate
> > into the switches themselves.
> >
>
> There are several technical approaches that come to mind, but they may create
> more problems than they solve. In order for your users to exchange content
> they need to be allowed on the net, so you need to either prevent them
> from connecting altogether, or you need to be able to allow access only to
> authenticated users and be able to monitor them.
>
> The first case can be accomplished by "locking down" each switch port by MAC
> address (for school computers) and disabling open ports (to prevent student
> computers from being able to connect). This will reduce the usability of the
> net (student computers can't use the net) and adds to the operational
> difficulty of moves, adds and changes. It also assumes that your switches are
> "managed" instead of "dumb".
>
> The second case assumes that you have an effective acceptable use policy
> that clearly identifies what may and may not take place on the network and
> enforcing any violation. Many managed switches can be set up to require IEEE
> 802.1X authentication against a RADIUS server and can perform accounting so
> you know what user is using which port at what times. Many switches also
> allow any port to be mirrored to a "monitor port" to which you can attach a
> protocol analyzer (allowing you to spot the "illegal" traffic). This requires
> active monitoring and enforcement and may not be a good use of your time. If
> you invested in expensive Layer 3 switches, it might be possible to prevent
> inter-subnet P2P traffic (in a manner similar to that suggested for the
> perimeter firewall above), but you would still be faced with intra-segment
> sharing.
>
> Wifi can be implemented using the same IEEE 802.1X authentication and
> accounting as managed switches.
>
> Once the perimeter is controlled (at the firewall) the other measures provide
> diminishing returns due to the personnel time required for monitoring and
> enforcement. I can't emphasize enough the vital importance of a clear and
> enforceable Acceptable Use Policy; without that being understood by all
> parties, you won't be able to enforce anything. Not all solutions are
> technical.
>
> I don't think there is a "silver bullet" to technically solve this problem. If
> ever there is, I predict it will be expensive.
>
> > Mel
> >
> > On 4/20/07, EJBoshinski <mistrz linux yahoo com> wrote:
> > > Depending on the physical topology of your network, without a complete
> > > network admission compliance policy it may be nearly impossible to
> > > implement.  Firewalls typically sit at the network edge and do not
> > > mediate internal traffic, thus anything on your local subnet will pass
> > > unabated unless a firewall is placed at each congregation point (ie -
> > > read switch - however even this is incomplete as any traffic internal to
> > > the switch will not encounter the firewall).  The only complete solution
> > > is to have NAC in place that stipulates rulesets that must be met before
> > > access is granted to the network.  This is where you can enforce your
> > > network policies.  If you don't meet our standards, you don't get on....
> > > I did some work on this about a year ago with a MAJOR network gear
> > > manufacturer's first step into this market - suffice it to say that the
> > > solution at that time was incomplete and convoluted.  However in the
> > > interim I believe that the technology has improved sufficiently to be
> > > able to achieve your desired results.  The major hurdle is to get the
> > > 'powers that be' to buy into the project and the underlying policies of
> > > network access control....
> > >
> > > HTH,
> > >
> > > -ejb
> > >
> > > ----- Original Message ----
> > > From: Mel Wade < mel melwade com>
> > > To: Support list for open source software in schools. <k12osn redhat com>
> > > Sent: Friday, April 20, 2007 7:55:47 AM
> > > Subject: [K12OSN] OT: Stopping P2P sharing
> > >
> > > We are looking for a solution to stop file sharing on student owned
> > > computers on our network.  Anyone have a solution?
> > >
> > > --
> > > Mel Wade
> > > "The real problem is not whether machines think but whether men do." - BF Skinner
> > > http://www.melwade.com
> > > _______________________________________________
> > > K12OSN mailing list
> > > K12OSN redhat com
> > > https://www.redhat.com/mailman/listinfo/k12osn
> > > For more info see <http://www.k12os.org>
> > >
> > >
>
> --
>         "History doesn't repeat itself; at best it rhymes."
>                         - Mark Twain
>
> | John Lucas            MrJohnLucas gmail com               |
> | St. Thomas, VI 00802  http://mrjohnlucas.googlepages.com/ |
> | 18.3°N, 65°W          AST (UTC-4)                         |


--
Mel Wade
"The real problem is not whether machines think but whether men do." - BF Skinner
http://www.melwade.com
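
An added example, not part of the thread and not any poster's code: the 802.1X accounting point quoted above (knowing which user was on which port at what time) as a lookup over accounting records. The log text is constructed, uses standard RADIUS accounting attribute names, and is assumed to come from a single switch; the function names are illustrative.

```python
import re
from datetime import datetime

# Constructed sample (not from the thread): one switch's accounting log,
# "Attribute = value" records, one per session Start/Stop.
SAMPLE_LOG = """\
Fri Apr 20 18:02:11 2007
    User-Name = "student17"
    NAS-Port = 12
    Acct-Status-Type = Start
    Acct-Session-Id = "A1"

Fri Apr 20 19:40:03 2007
    User-Name = "student17"
    NAS-Port = 12
    Acct-Status-Type = Stop
    Acct-Session-Id = "A1"

Fri Apr 20 19:45:30 2007
    User-Name = "student04"
    NAS-Port = 12
    Acct-Status-Type = Start
    Acct-Session-Id = "A2"
"""

def parse_records(text):
    # One dict per blank-line-separated record; the first line is the timestamp.
    for block in re.split(r"\n\s*\n", text.strip()):
        head, *attrs = block.splitlines()
        rec = {"time": datetime.strptime(head.strip(), "%a %b %d %H:%M:%S %Y")}
        rec.update((k.strip(), v.strip().strip('"'))
                   for k, _, v in (a.partition("=") for a in attrs))
        yield rec

def sessions(text):
    # Pair Start/Stop records by session id; a session with no Stop stays open.
    found = {}
    for r in parse_records(text):
        sid = r["Acct-Session-Id"]
        if r["Acct-Status-Type"] == "Start":
            found[sid] = {"user": r["User-Name"], "port": r["NAS-Port"],
                          "start": r["time"], "end": None}
        elif r["Acct-Status-Type"] == "Stop" and sid in found:
            found[sid]["end"] = r["time"]
    return list(found.values())

def who_was_on(text, port, when):
    # Users whose authenticated session on that switch port covers `when`.
    return [s["user"] for s in sessions(text) if s["port"] == str(port)
            and s["start"] <= when and (s["end"] is None or when <= s["end"])]
```

Traffic seen on a mirrored port at a given time can then be tied to an authenticated user rather than to a MAC address alone.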