Security and Privacy
Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

22nd October 2004, 12:36 AM
Registered User (Join Date: Oct 2004, Posts: 7)
Blocking services for internal services
I want to be able to block unwanted services like messaging and streaming audio so that my users can not waste company time and bandwidth. Is this possible? I am using firestarter as a firewall/gateway right now.

22nd October 2004, 12:38 AM
Registered User (Join Date: Apr 2004, Location: Warsaw, Poland, Age: 32, Posts: 1,085)
it is possible

22nd October 2004, 12:42 AM
Registered User (Join Date: Oct 2004, Posts: 7)
Well, how can I do it?

22nd October 2004, 12:55 AM
Registered User (Join Date: Oct 2004, Posts: 1,227)
Configuring iptables would be a good place to start, and end, as well. (no pun intended)
In all seriousness, iptables will do the trick for you.....

22nd October 2004, 01:02 AM
Registered User (Join Date: Apr 2004, Location: Warsaw, Poland, Age: 32, Posts: 1,085)
well you cannot block everything (100% is impossible == unplug the wire) but you can:
you need a gateway/router box:
* set up a firewall allowing only outbound connections on specific ports (f.e. if in your organization users need only mail and www - allow only these ports (remember about the secure/SSL variants))
* set up the firewall to block access to known addresses (f.e. known addresses of instant messaging services)
* set up a proxy server (with authorization) and allow traffic only through this server, filter malware, viruses, unwanted services (you can get blacklists of most known porn sites, P2P services, IM etc. in an automated manner). also with authorization you can bind specific connections to specific users - you can track what somebody is doing and then persuade him/her to stop it or something bad will happen to him/her ;]
* set up an intrusion detection system - such systems often offer ways to analyze network traffic and detect unwanted behaviour (and log the hostname/user which caused these activities) - like P2P activity etc. let everybody know that you are big brother :]
on the client side (assuming Windows)
* set up policies to not allow installation of unwanted software
* if your organization allows it - set up sniffers on each machine logging (searching for unwanted) network traffic
on the social side:
* produce some clear policies and make every person in the organization know them and sign them. state the rules clearly - what is allowed, and what is not, and what will be done if somebody messes with it - this is probably the best way of accomplishing such things :] you also need to make users know that you are watching them...
but keep in mind that this is not 100% accurate - a user can always bypass such restrictions (if a user has access to the internet he can do virtually anything if he has the knowledge). but it shall be successful in 90% of cases... also setting up too restrictive policies may have the opposite effect - it depends on your users' needs...
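The gateway firewall described in the first two bullets above (allow only specific outbound ports such as mail and www with their SSL variants, and block known IM addresses), as an added example that is not from the thread or from firestarter: a POSIX sh script that generates an iptables FORWARD ruleset for a Linux router box. The interface names, the LAN network, the allowed-port list and the blocked-address list are constructed placeholders. By default (DRY_RUN=1) it only prints the rules so they can be reviewed; run it as root with DRY_RUN=0 to apply them.

```shell
#!/bin/sh
# Added example (not from the thread): egress-whitelist ruleset for a
# Linux gateway. Interfaces, networks and addresses below are constructed
# placeholders; adjust them for your own network.

LAN_IF="${LAN_IF:-eth1}"              # assumed: interface facing the office LAN
WAN_IF="${WAN_IF:-eth0}"              # assumed: interface facing the Internet
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # constructed example LAN network
# mail (SMTP/POP3/IMAP, plain and SSL/TLS) plus www (HTTP/HTTPS)
ALLOWED_TCP_PORTS="25 110 143 465 587 993 995 80 443"
# constructed placeholder list; replace with the real addresses of the IM service
BLOCKED_HOSTS="203.0.113.10 203.0.113.11"

DRY_RUN="${DRY_RUN:-1}"   # 1 = print only, 0 = also apply with iptables

# ipt: print the rule, and apply it with iptables only when DRY_RUN=0
ipt() {
    echo "iptables $*"
    [ "$DRY_RUN" = "0" ] && iptables "$@"
    return 0
}

# gen_forward_rules: emit the FORWARD-chain rules for LAN -> WAN traffic
gen_forward_rules() {
    ipt -P FORWARD DROP     # default deny for everything routed through the box
    ipt -F FORWARD
    # replies for connections the LAN itself opened
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # bullet 2: log and drop traffic to known IM servers before any allow rule
    for h in $BLOCKED_HOSTS; do
        ipt -A FORWARD -i "$LAN_IF" -d "$h" -j LOG --log-prefix "BLOCKED-IM: "
        ipt -A FORWARD -i "$LAN_IF" -d "$h" -j DROP
    done
    # bullet 1: allow new outbound connections only on the listed TCP ports
    for p in $ALLOWED_TCP_PORTS; do
        ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    # DNS is needed for the allowed services to resolve names
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    # anything else from the LAN is logged (then hits the DROP policy) so
    # you can see in syslog what users are trying to reach
    ipt -A FORWARD -i "$LAN_IF" -j LOG --log-prefix "EGRESS-DENIED: "
}

# count_rules: number of -A FORWARD rules the generator emits (sanity check)
count_rules() {
    gen_forward_rules | grep -c '^iptables -A FORWARD'
}

gen_forward_rules
```

The blocked-address rules sit before the port whitelist on purpose: an IM service that happens to listen on port 443 would otherwise slip through the www allow rule. The LOG targets give you the per-host evidence the later posts ask for without needing a proxy yet.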

22nd October 2004, 01:07 AM
Registered User (Join Date: May 2004, Location: That toddlin' town..., Posts: 296)
That won't work. They'll just find something else to do to waste company time. You should set up some sort of logging proxy so you can identify the culprits, and then bounce their asses right out of the organization! Hey hey!

22nd October 2004, 01:08 AM
Registered User (Join Date: Oct 2004, Posts: 7)
kosmosik,
Thanks, can you give me some place to look for examples etc. Also, you mentioned a proxy server with blacklists updated automatically. I have been looking at squidguard but I am having some issues with it. Is this the one you are referring to?

22nd October 2004, 01:25 AM
Registered User (Join Date: Apr 2004, Location: Warsaw, Poland, Age: 32, Posts: 1,085)
Quote:
Originally Posted by aterrell
Thanks, can you give me some place to look for examples etc. Also, you mentioned a proxy server with blacklists updated automatically. I have been looking at squidguard but I am having some issues with it. Is this the one you are referring to?
well these are a few suggestions. you can try implementing one after another. it is certainly some work/researching to do with it... I don't know squidguard but this is probably one of the solutions. in my school we use a combination of scripts and blacklists - it compares addresses (hostnames and IPs) to blacklists and if it passes then the URL goes through a dictionary (f.e. the word '****' in it will be certainly blocked, but you can bypass it by giving an IP address instead of a hostname - in fact like 3% of requests are IPs in our network ))
but these are AFAIK custom written scripts. I don't know any out-of-the-box program that will do that automagically... maybe some commercial/paid offerings/services can do this - certainly there should be something like that available but for money. but maybe it is worth its price. it depends.
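The two-stage URL check described in this post (address compared to a blacklist, then the URL run through a word dictionary) and its weak spot (a request by IP address skips the hostname dictionary), as an added example that is not the school's scripts or any part of squidguard. The blocklist, word list and sample URLs are constructed. It goes one step past the post by making the IP-literal case an explicit policy decision (blocked unless a flag allows it) and by measuring the share of IP-literal requests in a batch, the figure the post puts at about 3% on its network.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data (not from the thread), standing in for the real
# blacklist and dictionary a proxy filter would load from files.
BLOCKED_HOSTS = {"im.example.net", "203.0.113.10"}
BLOCKED_WORDS = {"casino", "warez"}

# Constructed sample of proxy requests; one of four uses a bare IP address.
SAMPLE_URLS = [
    "https://mail.example.com/inbox",
    "http://chat.im.example.net/login",
    "https://www.example.com/casino-night",
    "http://198.51.100.7/",
]


def host_of(url):
    """Lowercase hostname (or IP literal) of a URL, without scheme or port."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").lower()


def is_ip_literal(host):
    """True when the host part is an IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def classify(url, allow_ip_literals=False):
    """Return (decision, reason); decision is 'allow' or 'block'.

    Stage 1: host/IP against the blacklist (exact match or subdomain of it).
    Stage 2: whole URL against the word dictionary.
    Stage 3: bare-IP requests, which stage 2 cannot judge by hostname, are
             blocked unless policy explicitly allows them.
    """
    host = host_of(url)
    if host in BLOCKED_HOSTS or any(host.endswith("." + b) for b in BLOCKED_HOSTS):
        return "block", "blocklisted host"
    lowered = url.lower()
    for word in sorted(BLOCKED_WORDS):
        if word in lowered:
            return "block", f"word '{word}'"
    if is_ip_literal(host) and not allow_ip_literals:
        return "block", "IP literal instead of hostname"
    return "allow", "clean"


def ip_literal_share(urls):
    """Fraction of requests that address the server by IP instead of name."""
    if not urls:
        return 0.0
    return sum(is_ip_literal(host_of(u)) for u in urls) / len(urls)


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        decision, reason = classify(u)
        print(f"{decision:5s} {u}  ({reason})")
    print(f"IP-literal requests: {ip_literal_share(SAMPLE_URLS):.0%}")
```

Watching `ip_literal_share` over the proxy log is a cheap indicator: a user population that normally types hostnames produces a low, stable figure, so a jump points at someone working around the dictionary, which is exactly what the post describes.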