
| Subject: | RE: N00b Question |
|---|---|
| Date: | Thu, 30 Dec 2004 22:33:19 -0500 |
For blocking certain sites your best bet is a proxy of some sort, presumably transparent. Lots of people on this list will point you towards Squid if you're looking in the open-source realm. You *could* block site IPs in your firewalls (PIX firewalls are almost all, if not all, in the 500-scheme. I haven't looked at the lineup recently.) That is, however, not a great solution for a variety of reasons.

If you are blocking the web-based email, why do you need to block the ability to upload attachments?

For MSN/yahoo chat you can block the ports in your external firewall. This will stop 95% of your users (possibly more if MSN/yahoo don't accept connections on any port like AIM does.) You can also see if your infrastructure supports deep packet inspection - Cisco has a good variety of capabilities regarding that, but I can't for the life of me remember the acronym, and my Cisco books are in the office. I avoid it, myself, since it punts packets to the processor, but that doesn't matter as much with a slower external link.

Quotas established for web surfing? Do you mean accounting per computer (he's been on the web *this* much today) or do you actually mean cutting it off after a certain point per day? Logging and log analysis is easy enough, but true quotas would require authentication of some sort most likely, and are probably more trouble than they're worth. If bandwidth is an issue I would just implement QoS and put port 80/443 traffic in a low CoS.

Gabe
-----Original Message-----
From: Harshal Dedhia [mailto:harshal.dedhia@skybird-travel.com]
Sent: December 30, 2004 11:42 AM
To: security-basics@securityfocus.com
Subject: N00b Question

Hi,

I am very new to the firewall and network security world. I have a situation wherein I need to block web-based email access and the ability to upload attachments to web-based email. I also need to ensure that MSN/yahoo chat is disabled and quotas are established for web surfing. Is there an Open Source solution to this problem? The network comprises Cisco Routers and 500 series firewalls.

Cheers!
Harshal
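Gabe's remark that per-computer accounting is "easy enough" from logs, worked through as an added example that is not part of this thread: a small POSIX shell/awk script that sums served bytes per client from Squid's native access.log format and flags any client over a daily byte quota. The log lines are constructed sample data, and skipping TCP_DENIED entries and the quota threshold are my own assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): per-client web accounting from
# Squid's native access.log, the "log analysis" route to web quotas.
# Assumes Squid's default native format:
#   time elapsed client code/status bytes method URL ident peer type
# The lines below are constructed sample data, not a real log.

SAMPLE_LOG='1104440400.101    245 192.168.1.10 TCP_MISS/200 5000 GET http://www.example.com/ - DIRECT/10.0.0.1 text/html
1104440460.202     80 192.168.1.11 TCP_HIT/200 1500 GET http://www.example.com/a.png - NONE/- image/png
1104440520.303    900 192.168.1.10 TCP_MISS/200 45000 GET http://www.example.com/big.zip - DIRECT/10.0.0.1 application/zip
1104440580.404    120 192.168.1.12 TCP_DENIED/403 300 GET http://mail.example.net/ - NONE/- text/html
1104440640.505    600 192.168.1.11 TCP_MISS/200 20000 GET http://www.example.org/ - DIRECT/10.0.0.2 text/html'

# Sum bytes per client address (field 3 = client, field 5 = bytes) read
# from stdin. Denied requests are skipped (assumption: nothing was served).
# Prints "<client> <bytes>" lines, largest consumer first.
bytes_per_client() {
    awk '$4 !~ /DENIED/ { total[$3] += $5 }
         END { for (c in total) printf "%s %d\n", c, total[c] }' | sort -k2,2nr
}

# Print the clients whose served bytes exceed a quota given in bytes.
# This is the "he's been on the web *this* much today" style of check;
# it reports, it does not cut anyone off.
over_quota() {
    quota="$1"
    bytes_per_client | awk -v q="$quota" '$2 > q { print $1 }'
}

# Wrappers that feed the constructed sample, so results can be checked
# without a log file. Against a real log you would run, for example:
#   bytes_per_client < /var/log/squid/access.log
sample_bytes_per_client() { printf '%s\n' "$SAMPLE_LOG" | bytes_per_client; }
sample_over_quota() { printf '%s\n' "$SAMPLE_LOG" | over_quota "$1"; }
```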