Software Restriction Policies

Hi,

I'm trying to block most p2p programs on a domain (2003) using hash rules.

My question is: is there any place with a list of hash keys for p2p programs? So that I don't have to download all kinds of p2p programs and generate the cryptographic file fingerprints myself.

Or is there another way to block p2p traffic? One that does not involve closing ports or buying new equipment :p
Asked by: aerion85
 
andrew_aj1 Commented:
The best way is to block the ports. You should not have any open ports that you do not need for security purposes.
It is basically impossible to do what you want to do. There are plenty of P2P programs out there and there are new programs/updates being released all the time. It would be a full-time job looking up P2P programs and blocking them.
Another option you may want to consider is preventing your users from installing applications at all.
I hope this helps. Good luck.
 
aerion85 (Author) Commented:
Yea, we're trying to prevent it.. hehe. We've hidden the whole local disk (C:) and made it inaccessible.
The users can't install programs at all. But they can run them, so they're smart enough to just zip/unzip them on the network drive they have.. for storing documents.
 
aerion85 (Author) Commented:
It's no problem for the users to get past the port blocking though, just using a tunnel or so. So it won't help that much.
I know we can use traffic shaping, but this requires new equipment to be bought. Not an option.
 
andrew_aj1 Commented:
As you said, traffic shaping is a good solution, but it does cost some to get set up.
The next thing to do would be to go to the human level. Set up rules and regulations for computer use - if not already done. Tell them that this activity is against business policy and possibly illegal (depending on what they are downloading). If the activity continues you will have to punish those employees. Depending on how your company is set up this may take a while, but it is most likely the best solution.
Good luck.
 
aerion85 (Author) Commented:
If things were that easy.. this is a school. The students do not have their own username. So we can't really bust them either.

And the law here states that we cannot monitor user movements.

So the only way I can do this is by blocking the hash on exe files. Or find a policy that denies running exe files from removable sources. Does that exist?
 
andrew_aj1 Commented:
That makes it quite difficult. There may be a way to block exe files on removable drives, but there are plenty of reasons not to do this such as blocking of programs you want to run.
Due to the restrictions the only way would really be traffic shaping.
To help reduce the number of students doing this you could inform and demonstrate these programs to the teachers to have them monitor the students while on the computers.
I know this is not the answer you want, but it is the only way that I can think of.
I hope this helps. Good luck.
 
aerion85 (Author) Commented:
"There may be a way to block exe files on removable drives" <- this would be the best solution. There should not be ANY exe files on their network share.. only documents.

If you know how to do this, please tell me. This would help a lot :D
 
andrew_aj1 Commented:
I did a quick search on this and did not find any results. I was not sure if this was possible or not because I have never done it. Sorry.
There are many reasons that this would not be a good solution. One would be if you had a computer programming class - these students would not be able to execute their programs. Another would be if a student was using some portable application (http://portableapps.com/) such as OpenOffice for their school work.
 
aerion85 (Author) Commented:
Okay, I will continue searching for this though. Preventing users from running exe files from network shares sounds like the perfect solution in my case.

Thanks for the help. I will accept the answer if no one has a better answer for me. I'll close it in 2-3 days.
 
andrew_aj1 Commented:
I just thought of another solution. You can set up a script to run every so often to forcefully remove any exe files from the network drive. This may not stop them, but could cause them plenty of issues doing this. But for the reasons I stated already this may not be the solution.
 
aerion85 (Author) Commented:
I kinda found a solution that'd work in my setting.

Set Disallowed as default in GPO. And just add exceptions for the applications my students use.
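The default-Disallowed approach settled on above, compared with the hash denylist the thread started from, as an added example that is not part of the original posts. It is a simplified Python model of Software Restriction Policy rule evaluation (hash rules outrank path rules, the most specific path rule wins, otherwise the default level applies); the drive letter `H:`, the folder names, the sample file contents and the use of SHA-256 as the fingerprint are all constructed assumptions.

```python
import hashlib
from ntpath import normcase  # Windows path semantics on any OS

DISALLOWED, UNRESTRICTED = "Disallowed", "Unrestricted"

def fingerprint(content: bytes) -> str:
    # Stand-in for the file fingerprint a hash rule stores (assumption: SHA-256).
    return hashlib.sha256(content).hexdigest()

class Policy:
    """Simplified model of SRP evaluation, not the Windows implementation."""
    def __init__(self, default, path_rules=(), hash_rules=None):
        self.default = default
        self.hash_rules = dict(hash_rules or {})
        # Normalise folder rules to lower-case prefixes ending in a backslash.
        self.path_rules = [(normcase(p).rstrip("\\") + "\\", lvl)
                           for p, lvl in path_rules]

    def evaluate(self, path: str, content: bytes) -> str:
        digest = fingerprint(content)
        if digest in self.hash_rules:            # hash rules outrank path rules
            return self.hash_rules[digest]
        p = normcase(path)
        hits = [(len(pre), lvl) for pre, lvl in self.path_rules if p.startswith(pre)]
        if hits:                                 # most specific path rule wins
            longest = max(n for n, _ in hits)
            levels = {lvl for n, lvl in hits if n == longest}
            return DISALLOWED if DISALLOWED in levels else UNRESTRICTED
        return self.default                      # nothing matched

# Constructed sample "binaries": two builds of one tool hash differently.
P2P_V1 = b"MZ constructed p2p client build 1"
P2P_V2 = b"MZ constructed p2p client build 2"
EDITOR = b"MZ constructed word processor"

# Hash denylist: default Unrestricted, one Disallowed hash per known build.
denylist = Policy(UNRESTRICTED, hash_rules={fingerprint(P2P_V1): DISALLOWED})
# Allowlist: default Disallowed, exceptions only for installed software.
allowlist = Policy(DISALLOWED, path_rules=[(r"C:\Windows", UNRESTRICTED),
                                           (r"C:\Program Files", UNRESTRICTED)])

def demo():
    share = r"H:\docs\client.exe"   # assumed letter of the students' network drive
    return {
        "denylist_known_build": denylist.evaluate(share, P2P_V1),
        "denylist_new_build": denylist.evaluate(share, P2P_V2),
        "allowlist_new_build": allowlist.evaluate(share, P2P_V2),
        "allowlist_installed_app": allowlist.evaluate(
            r"C:\Program Files\Office\editor.exe", EDITOR),
    }

if __name__ == "__main__":
    for name, level in demo().items():
        print(f"{name}: {level}")
```

The denylist only stops the one build whose fingerprint was recorded, while the allowlist denies anything on the share without needing its hash. The exceptions should cover only folders the users cannot write to.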
 
aerion85 (Author) Commented:
Thanks for trying to help at least :D
Question has a verified solution.
