You mean free solutions?
Block initiating traffic outbound to any port except those required
for business purposes would be an excellent start.
Deploy snort at the perimeter and enable the signatures that fit your
environment and address your concerns about network abuses. Choose a
web front end that appeals.
Audit machines on a regular basis to find unauthorized software.
Use a proxy server (squid is free and very powerful) for all outbound
web connections, and block traffic to disallowed sites.
And having said all that, make sure you have a policy in place that
can be enforced. If no such policy is in place, you can't reasonably
expect users to adher to unwritten rules. Get a policy, get users to
sign that policy, and enforce it both technically and via HR routes.
There are definitely any number of commercial solutions that would do
all of the above and more.
Tremaine Lea
Network Security Consultant
On 9-Mar-07, at 4:02 PM, Erick Jensen wrote:
I would say, this is something that you can't control. Yes, bit-
torrent traffic can be encrypted, and it CAN run on 443. But I
switched mine to a random port in the 14000 range. Then I check
mark the "encrypted only" box and say "good luck Comcast!".
I think the only effective way of hindering bit-torrent is what
some universities do. They limit the bandwidth and allow only
burst of full bandwidth. That way they make bit torrent unbearable
to use. So far that's the only way to counter the bit-torrent
traffic.
Has anyone else heard of a better way?
-----Original Message-----
From: listbounce@securityfocus.com
[mailto:listbounce@securityfocus.com] On Behalf Of Ove Dalgård Hansen
Sent: Wednesday, March 07, 2007 1:38 PM
To: focus-ids@securityfocus.com
Subject: Bittorrent - utorrent
Hello Everyone,
I am in a bit of trouble,
On a network where i am configuring IDS - using ASA5510 + SSM
module, we try to deny access to Bittorrent downloads - it consumes
quite a bit of bandwith and is not allowed by the company's policy.
We try to filter bittorrent which succedes - but the utorrent
changes protocol and goes by the SSL port 443 and thereby
circumvent the IDS, since its not possible to see the encrypted
traffic.
Does anyone out there have a good idea of how i am to solve the issue?
Best Regards
Ove Hansen
IT-Quality A/S
Banemarksvej 50F
Denmark - 2605
----------------------------------------------------------------------
--
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?
module=Form&action=impact&campaign=intro_sfw
to learn more.
----------------------------------------------------------------------
--
----------------------------------------------------------------------
--
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?
module=Form&action=impact&campaign=intro_sfw
to learn more.
----------------------------------------------------------------------
--
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
