It should almost be a FAQ for this list -- implement policies in writing
first, not on the firewall.   If users are not allowed to use Napster, chat
clients, etc., then H.R. needs to deal with that.  If you have a bandwidth
congestion problem, install a router that can do one of the many fairness
queuing protocols to even out bandwidth use between protocols.  Using Snort
to watch for breaches in the policy and then reporting those to H.R. is
more productive than doing hidden 'user vs. I.S. admin' wars.

On the note of fairness queuing: I set up any gateway machine (intranet or
internet) to prioritise known traffic over unknown.  That way I can leave
open internal ports above 1023 and not worry about bandwidth congestion
(anything destined to port 80, 443, 21, 22, 3128, etc. gets priority over the
rest).  Monitoring bandwidth use of 'known' protocols then allows me to know
how congested the network really is (it may be at 80% use, but only 20%
known traffic -- so I know no network upgrade is needed).

----- Original Message -----
From: "Daniel Crichton" <[EMAIL PROTECTED]>


I totally agree here - we now have a policy that outlines what may be used
on the company network, and Napster and Gnutella are on the banned list. The
one person we had who sparked off our whole Napster/Gnutella "manhunt"
here managed to shift over 750Mb of MP3s in 3 days, and it was only by
trawling the firewall logs that we spotted it. ... We now run Snort
and other packet sniffers to watch out for traffic for protocols we don't
allow and get alerts fired to all security admins when something suspicious is
found, and we're investigating the use of Snort to automatically close the
connection using the new ability to intercept the connection and send the
RST packets.
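The two measurements described in this thread, the "known vs. unknown" split that tells you how congested the link really is, and the trawl through gateway logs for a host shifting large volumes over ports the policy does not allow, can both be done from the same flow records. The script below is an added example, not code from either poster; the log line format, the link capacity, the thresholds and all sample records are constructed for the example, and the known-port set is the one named above (80, 443, 21, 22, 3128). The prioritisation itself still happens on the router; this only reports on the result.

```python
"""
Split gateway flow records into 'known' (policy-allowed, prioritised)
and 'unknown' traffic, then report (a) how much of the link each share
really uses and (b) which hosts move large volumes over unknown ports.
All log lines, capacities and thresholds here are constructed.
"""
import re
from collections import defaultdict

# Ports the gateway treats as known traffic, as listed in the post.
KNOWN_PORTS = {21, 22, 80, 443, 3128}

# Hypothetical link capacity for the measurement window, in bytes.
LINK_CAPACITY_BYTES = 10_000_000

# Constructed log format: one flow per line, key=value fields.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) "
    r"dport=(?P<dport>\d+) bytes=(?P<bytes>\d+)$"
)

# Constructed sample records for one measurement window.
SAMPLE_LOG = """\
2001-03-12T10:00:05 src=10.0.0.5 dst=192.0.2.10 proto=tcp dport=80 bytes=900000
2001-03-12T10:00:09 src=10.0.0.5 dst=192.0.2.11 proto=tcp dport=443 bytes=600000
2001-03-12T10:00:14 src=10.0.0.6 dst=192.0.2.12 proto=tcp dport=22 bytes=300000
2001-03-12T10:00:20 src=10.0.0.6 dst=10.0.0.1 proto=tcp dport=3128 bytes=200000
# gateway restarted (not a flow record; parser must skip it)
2001-03-12T10:01:02 src=10.0.0.7 dst=198.51.100.7 proto=tcp dport=45123 bytes=3000000
2001-03-12T10:02:40 src=10.0.0.7 dst=198.51.100.8 proto=tcp dport=51234 bytes=2500000
2001-03-12T10:03:15 src=10.0.0.9 dst=198.51.100.9 proto=udp dport=40000 bytes=500000
"""


def parse_log(text):
    """Parse flow records; lines that do not match the format are skipped."""
    flows = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["dport"] = int(rec["dport"])
        rec["bytes"] = int(rec["bytes"])
        flows.append(rec)
    return flows


def classify(flow):
    """Known traffic is anything destined to a port on the priority list."""
    return "known" if flow["dport"] in KNOWN_PORTS else "unknown"


def utilisation(flows, capacity_bytes):
    """Percentage of link capacity used in total, by known and by unknown traffic."""
    totals = defaultdict(int)
    for f in flows:
        totals[classify(f)] += f["bytes"]
    total = totals["known"] + totals["unknown"]
    pct = lambda n: round(100.0 * n / capacity_bytes, 1)
    return {
        "total_pct": pct(total),
        "known_pct": pct(totals["known"]),
        "unknown_pct": pct(totals["unknown"]),
    }


def upgrade_needed(stats, threshold_pct=70.0):
    """Only the prioritised (known) share decides whether the link is really full."""
    return stats["known_pct"] >= threshold_pct


def unknown_volume_by_host(flows):
    """Bytes each source host sent over ports outside the known set."""
    per_host = defaultdict(int)
    for f in flows:
        if classify(f) == "unknown":
            per_host[f["src"]] += f["bytes"]
    return dict(per_host)


def policy_report(flows, threshold_bytes):
    """Hosts whose unknown-port volume exceeds the threshold; this is the list for H.R."""
    volumes = unknown_volume_by_host(flows)
    return sorted(h for h, b in volumes.items() if b >= threshold_bytes)


if __name__ == "__main__":
    flows = parse_log(SAMPLE_LOG)
    stats = utilisation(flows, LINK_CAPACITY_BYTES)
    print("utilisation:", stats, "upgrade needed:", upgrade_needed(stats))
    print("hosts over policy threshold:", policy_report(flows, 5_000_000))
```

On the sample window the link is at 80% but only 20% of that is known traffic, so `upgrade_needed` says no; the host report names the one source responsible for most of the unknown volume, which is the kind of finding the quoted post got by reading firewall logs by hand.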

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]