Patrick,

Another option would be not to allow communication between users at all; put a Packet Shaper on the internet connection to control P2P to the outside world. This is how we handle our wireless users at HVCC. We also have NAC, but we don't do agents on personal devices. It would be nice, but we don't have the resources to deal with thousands of devices. We use NAC to determine roles to be assigned, QoS, etc. Agentless scans are done to learn a little more about the devices. NAC is used in other areas of our network as well.

You should take a look at Enterasys's NAC, especially if you have other Enterasys products on your network like Policy Manager. It works pretty awesome with policy.

Thanks,
Rob

On Thu, Sep 13, 2012 at 9:30 AM, Jeffrey Rice <[email protected]> wrote:

> Patrick,
>
> You’re right. The port hopping of P2P programs makes it very difficult to control. Some schools opt for segmenting the student traffic on a separate network with a dedicated internet connection. They let the students police themselves and fight it out for bandwidth.
>
> We’ve not done that, but we’ve used a variety of methods over the years. By far packet shaping has been the best. We were using Packeteer but made the switch to Procera a few years ago. It has been fantastic and almost instantly decreased our P2P traffic.
>
> NAC is another good solution. We use Bradford Networks for ours. Bradford makes both a dissolvable agent and a persistent agent. To effectively control P2P using NAC, Jason is correct. You’d have to install a persistent agent. If you are like us, we are very reluctant to install software on students’ computers so we opted for the dissolvable agent. It doesn’t help us with P2P but does help us identify users and machines.
>
> My two cents.
>
> Jeff
>
> Jeffrey P. Rice
> Network and Telecommunications Engineer
> Department of Information Technology
> Olivet Nazarene University
> One University Avenue
> Bourbonnais, Illinois 60914
> 815-928-5540 (office)
>
> ". . But God put his love on the line for us by offering his Son in sacrificial death while we were of no use whatever to him. Now that we are set right with God by means of this sacrificial death, the consummate blood sacrifice, there is no longer a question of being at odds with God in any way." - Romans 5:7-9 (MSG)
>
> From: [email protected] [mailto:[email protected]]
> Sent: Thursday, September 13, 2012 8:06 AM
> To: Enterasys Customer Mailing List
> Subject: RE: [enterasys] Blocking bittorrent and P2P
>
> Like Rob also mentioned, your best bet though would be NAC, that way via the assessment scan, you can make it mandatory for the NAC agents installed on your computers to automatically stop/shutdown known P2P processes or services.
>
> Thanks,
>
> Jason Rearick
> Network Engineer
> Home Office: Info Center
> Utica National Insurance Group
> P.O. Box 530
> Utica, NY 13503
>
> Email: [email protected]
> Phone: 315-734-2704
>
> From: Patrick Printz <[email protected]>
> To: "Enterasys Customer Mailing List" <[email protected]>
> Date: 09/13/2012 08:50 AM
> Subject: RE: [enterasys] Blocking bittorrent and P2P
>
> ------------------------------
>
> I have both. I guess my concern was that bittorrent and P2P are adapting and can use such a wide range of ports, even port 80. Just didn’t know if there was anything beyond blocking the default ports that people have tested.
>
> I will definitely look in oneview though. Thanks.
>
> Patrick Printz
> Network Infrastructure
>
> Quinsigamond Community College
> 670 West Boylston Street
> Worcester, MA 01606-2092
> w. 508-854-7517
> c. 508-726-9529
>
> "If a man is called a street sweeper, he should sweep streets even as Michelangelo painted, or Beethoven composed music, or Shakespeare wrote poetry. He should sweep streets so well that all the hosts of heaven and Earth will pause to say, Here lived a great street sweeper who did his job well."
> ~Martin Luther King, Jr.
>
> From: [email protected] [mailto:[email protected] <[email protected]>]
> Sent: Thursday, September 13, 2012 7:08 AM
> To: Enterasys Customer Mailing List
> Subject: Re: [enterasys] Blocking bittorrent and P2P
>
> Do you own Netsights Policy Manager, and/or Oneview? Because with just Policy Manager, you can build the service and rule to block it, and if you have Oneview and run netflow, you can right click on the flow and make the rule quickly.
>
> Thanks,
>
> Jason Rearick
> Network Engineer
> Home Office: Info Center
> Utica National Insurance Group
> P.O. Box 530
> Utica, NY 13503
>
> Email: [email protected]
> Phone: 315-734-2704
>
> Sent from my iPhone
>
> On Sep 13, 2012, at 6:43 AM, "Patrick Printz" <[email protected]> wrote:
>
> How do you block bittorrent and P2P traffic? Is it something that can be done via policy or ACLs? I know I could do it with a packet shaper, but we do not have one yet. I am just curious if someone else has thought of some ingenious way of keeping this traffic contained.
>
> Patrick Printz
> Network Infrastructure
>
> Quinsigamond Community College
> 670 West Boylston Street
> Worcester, MA 01606-2092
> w. 508-854-7517
> c. 508-726-9529
>
> --To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
