  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 576

Software Restriction Policies

Hi,

I'm trying to block most p2p programs on a domain (2003) using hash rules.

My question is: is there any place with a list of hash keys for p2p programs, so that I don't have to download all kinds of p2p programs and generate the cryptographic file fingerprints myself?

Or is there another way to block p2p traffic that does not involve closing ports or buying new equipment? :p
0
Asked by: aerion85
1 Solution
 
andrew_aj1 Commented:
The best way is to block the ports. You should not have any open ports that you do not need for security purposes.
It is basically impossible to do what you want to do. There are plenty of P2P programs out there and there are new programs/updates being released all the time. It would be a full-time job looking up P2P programs and blocking them.
Another option you may want to consider is preventing your users from installing applications at all.
I hope this helps. Good luck.
0
 
aerion85 (Author) Commented:
Yea, we're trying to prevent it.. hehe. We've hidden the whole local disk (C:), and made it inaccessible.
The users can't install programs at all. But they can run them, so they're smart enough to just zip/unzip them on the network drive they have for storing documents.
0
 
aerion85 (Author) Commented:
It's no problem for the users to get past the port blocking though, just using a tunnel or so. So it won't help that much.
I know we can use traffic shaping, but this requires new equipment to be bought. Not an option.
0
 
andrew_aj1 Commented:
As you said, traffic shaping is a good solution, but it does cost some to get set up.
The next thing to do would be to go to the human level. Set up rules and regulations for computer use - if not already done. Tell them that this activity is against business policy and possibly illegal (depending on what they are downloading). If the activity continues you will have to punish those employees. Depending on how your company is set up this may take a while, but it is most likely the best solution.
Good luck.
0
 
aerion85 (Author) Commented:
If things were that easy.. this is a school. The students do not have their own usernames. So we can't really bust them either.

And the law here states that we cannot monitor user movements.

So the only way I can do this is by blocking the hash on exe files. Or find a policy that denies running exe files from removable sources. Does that exist?
0
 
andrew_aj1 Commented:
That makes it quite difficult. There may be a way to block exe files on removable drives, but there are plenty of reasons not to do this such as blocking of programs you want to run.
Due to the restrictions the only way would really be traffic shaping.
To help reduce the number of students from doing this you could inform and demonstrate these programs to the teachers to have them monitor the students while on the computers.
I know this is not the answer you want, but it is the only way that I can think of.
I hope this helps. Good luck.
0
 
aerion85 (Author) Commented:
"There may be a way to block exe files on removable drives" <- this would be the best solution. There should not be ANY exe files on their network share.. only documents.

If you know how to do this, please tell me. This would help a lot :D
0
 
andrew_aj1 Commented:
I did a quick search on this and did not find any results. I was not sure if this was possible or not because I have never done it. Sorry.
There are many reasons that this would not be a good solution. One would be if you had a computer programming class - these students would not be able to execute their programs. Another would be if a student was using some portable application (http://portableapps.com/) such as OpenOffice for their school work.
0
 
aerion85 (Author) Commented:
Okay, I will continue searching for this though. Preventing users from running exe files from network shares sounds like the perfect solution in my case.

Thanks for the help. I will accept the answer if no one has a better answer for me. I'll close it in 2-3 days.
0
 
andrew_aj1 Commented:
I just thought of another solution. You can set up a script to run every so often to forcefully remove any exe files from the network drive. This may not stop them, but could cause them plenty of issues doing this. But for the reasons I stated already this may not be the solution.
0
 
aerion85 (Author) Commented:
I kind of found a solution that'd work in my setting.

Set Disallowed as default in GPO. And just add exceptions for the applications my students use.
0
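The difference between the hash block-list asked about at the top of the thread and the default-Disallowed setup in the comment above, as an added example that is not from either participant. It is a simplified model of rule evaluation (a hash rule is checked first, then the most specific path rule, then the default level); SHA-256 stands in for the stored file hash, and the paths and sample files are constructed.

```python
import hashlib
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

def file_hash(content):
    # SHA-256 stands in for the hash an SRP hash rule stores (assumption).
    return hashlib.sha256(content).hexdigest()

@dataclass
class Policy:
    default: str                                     # "Unrestricted" or "Disallowed"
    hash_rules: dict = field(default_factory=dict)   # file hash -> level
    path_rules: dict = field(default_factory=dict)   # folder -> level

def evaluate(policy, path, content):
    """Level for one file: hash rule, then most specific path rule, then default."""
    level = policy.hash_rules.get(file_hash(content))
    if level:
        return level
    target, best = PureWindowsPath(path), None
    for folder, rule_level in policy.path_rules.items():
        root = PureWindowsPath(folder)               # compared case-insensitively
        if root in target.parents and (best is None or len(root.parts) > len(best[0].parts)):
            best = (root, rule_level)
    return best[1] if best else policy.default

# Constructed sample files: two builds of one program and a permitted application.
P2P_V1 = b"MZ constructed p2p client, build 1"
P2P_V2 = b"MZ constructed p2p client, build 2"
EDITOR = b"MZ constructed word processor"

BLOCKLIST = Policy("Unrestricted", hash_rules={file_hash(P2P_V1): "Disallowed"})
ALLOWLIST = Policy("Disallowed", path_rules={r"C:\Windows": "Unrestricted",
                                             r"C:\Program Files": "Unrestricted"})

def compare():
    """Return {case: (level under block-list, level under allow-list)}."""
    cases = {"v1 on share": (r"H:\docs\p2p.exe", P2P_V1),
             "v2 on share": (r"H:\docs\p2p.exe", P2P_V2),
             "editor": (r"C:\Program Files\Office\editor.exe", EDITOR)}
    return {name: (evaluate(BLOCKLIST, *case), evaluate(ALLOWLIST, *case))
            for name, case in cases.items()}

if __name__ == "__main__":
    for name, (blocklist, allowlist) in compare().items():
        print(f"{name:12} blocklist={blocklist:12} allowlist={allowlist}")
```

The allow-list result holds only while students cannot write to the folders that carry an Unrestricted path rule.
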
 
aerion85 (Author) Commented:
Thanks for trying to help at least :D
0
