Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Use ASA to stop streaming music and video done via locally installed applications?

Posted on 2011-03-23
4
Medium Priority
?
1,886 Views
Last Modified: 2012-05-11
Hi,

I have websense web filter setup in line with my Cisco ASA 5510's. I'm filtering perfectly all traffic that is done via ftp, http, and https in Internet Explorer. We are blocking all streaming media via Internet Explorer. So, if you go to youtube or pandora it is blocked via your web browser.  Our problem is that some people are using Windows Media Player, Beer and hot wings, and other apps that aren't embedded into Internet Explorer to stream music. How can I stop this via the ASA?

Here is how my web filter is setup and running. What can I do with my ASA or websense to stop activity from successfully happening outside of Internet Explorer. As I see it websense only filters what the ASA sends it. ASA will only send certain types of traffic to Websense and I'm already doing that for all the options i see (http,https,ftp,java, url).


url-server (inside) vendor websense host 10.35.209.190 timeout 10 protocol TCP version 4 connections 100
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow proxy-block longurl-truncate
filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter activex 80 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
filter java 80 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
filter ftp 21 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
0
Comment
Question by:First Last
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 8

Expert Comment

by:ragnarok89
ID: 35201008
You might want to create an ACL (access list) to block the address of the website or filter the web address, to the music site, on the pc's. A great port blocking software is www.kerio.com 
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 35201070
With the ASA, you have 2 options.    
1) block the far end IP addresses.   So on an inside interface, add an access list that will deny IP to the range of pandora ips, for example.   Then no traffic will get out to that range.  
2) If you know the specific ports, you can add a rule to the inside interface to block any site when using tcp port <# whatever>.  


Some other ideas, if you run your own DNS, you can add entries for youtube and pandora and such to go to 127.0.0.1.  

Or you can implement a local workstation block.  

Another solution is to use a proxy server on the network, allowing only the proxy IP outbound access and controlling what ports it can use (i.e. 80 and 443 only).   Add rules on the asa to allow outbound for the proxy, but deny everyone else.    Then setup GPO to force IE to use your new proxy IP.

0
 
LVL 1

Author Comment

by:First Last
ID: 35201245
Actually I have no idea on what ports, programs, or sites they are using. I'm just now starting to look through the firewall logs based of their pc source ip address. I don't do the PC side of things here so i'm not sure what they have installed. Right now we just asked them not to do it, but it only lasts until we walk away.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 35201694
You might have luck using regular expressions with advanced https inspection on the ASA
Here's an example to block audio streaming
http://www.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_23987389.html
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question