Thanks again. My IronPort rep says that I will have to subcategorize them myself when I determine they are this or that type of traffic.

I will just rely on the fact that the majority will be Citrix or WebEx based and send my team alerts on all of those class 'c' hosts. Enough harassment of the user base and they will begin calling us before calling support, as they should, and we will know exactly when remote access is being made to internal PCs and servers. Will definitely hate this but it will help our users see they could be hurting us really bad, I think.

From: Kennedy, Jim [mailto:[email protected]]
Posted At: Tuesday, August 14, 2012 4:17 PM
Posted To: [email protected]
Conversation: Software like citrix or webex??
Subject: RE: Software like citrix or webex??

Certainly not foolproof but it will read source/destination IP and ports and tell it is remote assistance type of traffic based on what the filter company has categorized that traffic as. My M86 is pretty effective at killing all of the better known and many lesser known services for that. The list that was in the beginning of this thread is dead for all my users. I do the same thing for remote desktop for the same reasons.

Now if some enterprising Citrix guru puts up a Citrix farm and my users are using it...no my filter is not going to see that and stop it because that guru is far enough off the radar that the filter company would not notice them and categorize them. But as he grew and became more famous they would notice. Again not foolproof but it knocks most of it down and most vendors use the big boys so you are covered there.

From: Webster [mailto:[email protected]]
Sent: Tuesday, August 14, 2012 4:11 PM
To: NT System Admin Issues
Subject: Re: Software like citrix or webex??

I don't think an IronPort (or any device) can read and understand the vagaries of the human language and read the intended usage. :)

Or did you mean should your IronPort be able to read and filter on the type of IP traffic?

Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com

From: "[email protected]" <[email protected]>
Subject: RE: Software like citrix or webex??

Thanks,

There should be more because I am still apologizing for the way that came across. Shouldn't my IronPort URL/Web filter be able to see that kind of traffic?

From: Kennedy, Jim [mailto:[email protected]]
Subject: RE: Software like citrix or webex??

I keep waiting to see if maybe there is more to this conversation and Lyris just has not delivered them yet.

David, with all due respect you overreacted there. The answers you got are valid answers to the question as you originally posted it. Now that you have given us more info I suggest you leave the firewall alone and get a web filter. Our M86 for example will let us monitor on a category (remote assistance) and email me an alert that they are going to that type of service. I think that is the best and maybe only manageable way to address your issue.

From: Jonathan Link [mailto:[email protected]]
Subject: Re: Software like citrix or webex??

Yeah, I'm wooshing here, too.

On Tue, Aug 14, 2012 at 12:47 PM, Don Ely <[email protected]> wrote:

Seriously?!?!?! Did I miss something here?

On Tue, Aug 14, 2012 at 9:31 AM, [email protected] <[email protected]> wrote:

Aren't you guys a bundle of f'ing joy.

These are specific to the institution that bought them and installed them. So to pick these up I have to

1. rely on my users to tell me when they are being 'helped' over the internet
2. keep track of every one of these 'helping' sites there is in the universe and update it on a regular basis....

All I wanted was an alert to tell me when the users are being 'helped' over the internet so I can remind them of corporate policy to have someone from IT on the line when 'help' is being given on all workstations, servers, etc.....

Any ideas on how to monitor this kind of traffic without the manual add of a million IPs???

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected] with the body: unsubscribe ntsysadmin
