Solved

Best ASA Setup to block most traffic

Posted on 2012-03-31
Last Modified: 2012-04-23
Hi,

I've attempted to block bit torrents, but it seems a never-ending battle. So, I'm thinking of blocking ALL traffic in/out apart from specific ports. Is this a good idea?

Aside from HTTP/HTTPS/SNTP/SMTP/POP3 is there anything else I should open?
0
Question by:radiosupport
5 Comments
 
LVL 2

Expert Comment

by:Sirjacksinurbox
ID: 37790212
Have you tried blocking the individual sites that the users are getting the information from?

If they can't find the correct seed info, they shouldn't be able to download. Also, if you monitor it closely, you can find out who is doing it and file a disciplinary action.

I'm not sure if this will help, but you may be able to adapt what this article is saying and use it on your ASA: Block the Peer-to-Peer (P2P) and Instant Messaging (IM) Traffic Using MPF Configuration Example

It may take a little bit of work, but it looks like it may solve your problem.

Btw, do you also have a web filter (Barracuda)?
0
 

Author Comment

by:radiosupport
ID: 37790214
Hi,

Thanks. Our issue is with laptop users. They commence the download of the torrent off site (therefore bypassing any URL filtering), then bring the laptop into work to use our bandwidth!

I "can" go down the disciplinary action, but I'm also after a quick fix...

We don't have a Barracuda, we use the CSC-SSM module.

Is my suggestion of locking down almost everything not really feasible?
0
 
LVL 2

Expert Comment

by:Sirjacksinurbox
ID: 37790231
Pretty much, I'm pretty sure they can use those ports for torrenting just by switching up their configurations.

In CSC-SSM, have you tried the URL Filtering feature to block P2P?
0
 
LVL 2

Expert Comment

by:Sirjacksinurbox
ID: 37790563
My apologies, I actually realized that p2p traffic (not the site traffic, but the protocols) are layer 7 protocols.

I'm not sure that you would be able to block stuff like that on your network with an ASA. The most you could do would be to block the website.

Unless I'm missing something on the interwebs, your best bet would be to catch them in the act of downloading, and then narrow it down to them and forward it on to HR/Managers. Someone will have an example made of them and then it should stop.

A policy that we used at a place I used to work at was if they were caught using p2p on our networks, we would shut off their port to the outside world, only giving them local access to the network.

Sorry I couldn't be of more help. Good luck.
0
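
The comments above suggest monitoring to find out which machine is doing the downloading. As an added example that is not part of the original thread, this Python sketch totals ASA `%ASA-6-302014` TCP teardown records per inside host and flags hosts that combine many distinct outside peers with high byte counts. It assumes syslog at informational level and an interface named `inside`; the thresholds and log lines are constructed, and only TCP is covered.

```python
import re
from collections import defaultdict

# ASA syslog 302014 (TCP teardown); optional "(user)" may follow each endpoint.
TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection \d+ for "
    r"(?P<if1>\S+?):(?P<ip1>[\d.]+)/\d+(?:\s*\([^)]*\))? to "
    r"(?P<if2>\S+?):(?P<ip2>[\d.]+)/\d+(?:\s*\([^)]*\))? "
    r"duration \S+ bytes (?P<bytes>\d+)"
)

def summarize(lines, inside_if="inside"):
    """Per inside host: total bytes moved and the set of distinct outside peers."""
    stats = defaultdict(lambda: {"bytes": 0, "peers": set()})
    for line in lines:
        m = TEARDOWN.search(line)
        if not m:
            continue  # not a TCP teardown record
        ends = [(m["if1"], m["ip1"]), (m["if2"], m["ip2"])]
        local = [ip for ifc, ip in ends if ifc == inside_if]
        remote = [ip for ifc, ip in ends if ifc != inside_if]
        if len(local) != 1 or len(remote) != 1:
            continue  # ignore flows that do not cross the inside boundary
        stats[local[0]]["bytes"] += int(m["bytes"])
        stats[local[0]]["peers"].add(remote[0])
    return stats

def flag_hosts(stats, min_peers=3, min_bytes=1_000_000):
    """Hosts with many distinct peers AND high volume (thresholds are assumptions)."""
    return sorted(ip for ip, s in stats.items()
                  if len(s["peers"]) >= min_peers and s["bytes"] >= min_bytes)

def _line(conn, peer, host, nbytes):
    # Builds a constructed sample record; not taken from a real firewall.
    return (f"Mar 31 2012 10:00:00 asa : %ASA-6-302014: Teardown TCP connection "
            f"{conn} for outside:{peer}/51413 to inside:{host}/49200 "
            f"duration 0:10:02 bytes {nbytes} TCP FINs")

SAMPLE = (
    [_line(100 + i, p, "10.1.1.50", 400_000) for i, p in enumerate(
        ["198.51.100.7", "198.51.100.8", "203.0.113.9", "203.0.113.10"])]
    + [_line(200, "192.0.2.80", "10.1.1.20", 5_000_000)]   # one big download, one peer
    + [_line(300 + i, p, "10.1.1.30", 1_000) for i, p in enumerate(
        ["198.51.100.7", "198.51.100.8", "203.0.113.9"])]   # many peers, tiny volume
    + ["%ASA-6-302016: Teardown UDP connection 400 for outside:192.0.2.1/53 "
       "to inside:10.1.1.20/5000 duration 0:00:01 bytes 120"]  # ignored: not 302014
)

if __name__ == "__main__":
    for ip in flag_hosts(summarize(SAMPLE)):
        print(ip, summarize(SAMPLE)[ip]["bytes"], "bytes")
```
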
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 37791750
0
