The problem is that if you're in an educational environment (such as I am)
HR doesn't mean much to students... I guess I can hand them over to
our VP of Admissions...


----- Original Message -----
From: "Michael T. Babcock" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, February 09, 2001 11:15 AM
Subject: Re: napster


> It should almost be a FAQ for this list -- implement policies in writing
> first, not on the firewall.  If users are not allowed to use Napster, chat
> clients, etc., then H.R. needs to deal with that.  If you have a bandwidth
> congestion problem, install a router that can do one of the many fairness
> queuing protocols to even out bandwidth use between protocols.  Using snort
> to watch for breaches in the policy and then reporting those to H.R. is
> more productive than doing hidden 'user vs. I.S. admin' wars.
>
> On the note of fairness queuing: I set up any gateway machine (intranet or
> internet) to prioritise known traffic over unknown.  That way I can leave
> open internal ports above 1023 and not worry about bandwidth congestion
> (anything destined to port 80, 443, 21, 22, 3128, etc. gets priority over
> the rest).  Monitoring bandwidth use of 'known' protocols then allows me to
> know how congested the network really is (it may be at 80% use, but only 20%
> known traffic -- so I know no network upgrade is needed).
>
> ----- Original Message -----
> From: "Daniel Crichton" <[EMAIL PROTECTED]>
>
>
> I totally agree here - we now have a policy that outlines what may be used
> on the company network, and Napster and Gnutella are on the banned list. The
> one person we had who sparked off our whole Napster/Gnutella "manhunt"
> here managed to shift over 750Mb of MP3s in 3 days, and it was only by
> trawling the firewall logs that we spotted it. ... We now run Snort
> and other packet sniffers to watch out for traffic for protocols we don't
> allow and get alerts fired to all security admins when something suspicious
> is found, and we're investigating the use of Snort to automatically close
> the connection using the new ability to intercept the connection and send
> the RST packets.
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.
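
The known-versus-unknown accounting described in the quoted message, as an added Python example that is not part of the original thread or any poster's own code: it splits one interval's traffic by the port list given in the post, reports link use for each class, and ranks hosts by unknown-port volume for policy review. The record format, the `summarise` function, the 70% congestion threshold and the sample data are assumptions made for illustration.

```python
from collections import defaultdict

# Ports the post lists as "known" traffic that gets priority.
KNOWN_PORTS = {80, 443, 21, 22, 3128}

# Constructed sample for one measurement interval: "src_ip dst_port bytes".
# The record format is an assumption for this example, not a real log format.
SAMPLE_LOG = """\
10.0.0.5 80 2000000
10.0.0.7 443 500000
10.0.0.9 40000 5000000
10.0.0.9 40000 1500000
10.0.0.12 22 not-a-number
10.0.0.14 41000 1000000
"""

def summarise(log_text, capacity_bytes, congested_pct=70.0):
    """Report link use split into known/unknown traffic and rank unknown talkers."""
    known = unknown = skipped = 0
    unknown_by_host = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        try:
            src, port, nbytes = parts[0], int(parts[1]), int(parts[2])
        except (IndexError, ValueError):
            skipped += 1          # malformed record: count it, do not guess
            continue
        if port in KNOWN_PORTS:
            known += nbytes
        else:
            unknown += nbytes
            unknown_by_host[src] += nbytes
    total_pct = round(100 * (known + unknown) / capacity_bytes, 1)
    known_pct = round(100 * known / capacity_bytes, 1)
    talkers = sorted(unknown_by_host.items(), key=lambda kv: kv[1], reverse=True)
    return {
        "total_pct": total_pct,
        "known_pct": known_pct,
        # Only known traffic counts toward the upgrade decision, as in the post.
        "upgrade_needed": known_pct >= congested_pct,
        "unknown_talkers": talkers,   # hosts to review against the written policy
        "skipped": skipped,
    }

if __name__ == "__main__":
    print(summarise(SAMPLE_LOG, capacity_bytes=12_500_000))
```
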

