Best ASA Setup to block most traffic

Hi,

I've attempted to block bit torrents, but it seems a never-ending battle. So, I'm thinking of blocking ALL traffic in/out apart from specific ports. Is this a good idea?

Aside from HTTP/HTTPS/SNTP/SMTP/POP3 is there anything else I should open?
radiosupport Asked:

Sirjacksinurbox Commented:
Have you tried blocking the individual sites that the users are getting the information from?

If they can't find the correct seed info, they shouldn't be able to download. Also, if you monitor it closely, you can find out who is doing it and file a disciplinary action.

I'm not sure if this will help, but you may be able to adapt what this article is saying and use it on your ASA: Block the Peer-to-Peer (P2P) and Instant Messaging (IM) Traffic Using MPF Configuration Example

It may take a little bit of work, but it looks like it may solve your problem.

Btw, do you also have a web filter (Barracuda)?
radiosupport Author Commented:
Hi,

Thanks. Our issue is with laptop users. They commence the download of the torrent off site, (therefore bypassing any URL filtering), then bring the laptop into work to use our bandwidth!

I "can" go down the disciplinary action, but I'm also after a quick fix...

We don't have a Barracuda, we use the CSC-SSM module.

Is my suggestion of locking down almost everything not really feasible?
Sirjacksinurbox Commented:
Pretty much, I'm pretty sure they can use those ports for torrenting just by switching up their configurations.

In CSC-SSM, have you tried the URL Filtering feature to block P2P?
Sirjacksinurbox Commented:
My apologies, I actually realized that p2p traffic (not the site traffic, but the protocols) are layer 7 protocols.

I'm not sure that you would be able to block stuff like that on your network with an ASA. The most you could do would be to block the website.

Unless I'm missing something on the interwebs, your best bet would be to catch them in the act of downloading, and then narrow it down to them and forward it on to HR/Managers. Someone will have an example made of them and then it should stop.

A policy that we used at a place I used to work at was if they were caught using p2p on our networks, we would shut off their port to the outside world, only giving them local access to the network.

Sorry I couldn't be of more help. Good luck.
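
Added example (not part of the thread and not written by any participant): one way to do the monitoring suggested above is to count, per inside host, the distinct outside peers contacted on ports outside the asker's proposed allow list, using ASA connection-built syslog messages (302013/302015). The interface names `inside`/`outside`, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Ports the question proposes to leave open: HTTP, HTTPS, SNTP, SMTP, POP3.
ALLOWED_PORTS = {80, 443, 123, 25, 110}
# Assumption: this many distinct outside peers on other ports flags a host for review.
PEER_THRESHOLD = 3

# ASA "Built outbound TCP/UDP connection" messages (302013 = TCP, 302015 = UDP).
# Assumes the interfaces are named "outside" and "inside".
BUILT = re.compile(
    r"%ASA-6-30201[35]: Built outbound (?:TCP|UDP) connection \d+ for "
    r"outside:(?P<peer>[\d.]+)/(?P<port>\d+) \([^)]*\) to "
    r"inside:(?P<host>[\d.]+)/\d+"
)

# Constructed sample log lines (documentation/private addresses), not real captures.
SAMPLE_LOG = """\
Jan 10 09:00:01 asa %ASA-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.10/6881 (198.51.100.10/6881) to inside:192.168.1.50/51001 (203.0.113.2/51001)
Jan 10 09:00:02 asa %ASA-6-302013: Built outbound TCP connection 1002 for outside:198.51.100.11/51413 (198.51.100.11/51413) to inside:192.168.1.50/51002 (203.0.113.2/51002)
Jan 10 09:00:03 asa %ASA-6-302015: Built outbound UDP connection 1003 for outside:198.51.100.12/6889 (198.51.100.12/6889) to inside:192.168.1.50/51003 (203.0.113.2/51003)
Jan 10 09:00:04 asa %ASA-6-302013: Built outbound TCP connection 1004 for outside:198.51.100.13/443 (198.51.100.13/443) to inside:192.168.1.50/51004 (203.0.113.2/51004)
Jan 10 09:00:05 asa %ASA-6-302013: Built outbound TCP connection 1005 for outside:198.51.100.20/443 (198.51.100.20/443) to inside:192.168.1.60/52001 (203.0.113.2/52001)
Jan 10 09:00:06 asa %ASA-6-302013: Built outbound TCP connection 1006 for outside:198.51.100.21/8080 (198.51.100.21/8080) to inside:192.168.1.60/52002 (203.0.113.2/52002)
"""


def suspect_hosts(log_text, allowed=ALLOWED_PORTS, threshold=PEER_THRESHOLD):
    """Return {inside_host: distinct_peer_count} for hosts at or above the threshold."""
    peers = defaultdict(set)
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if not m or int(m["port"]) in allowed:
            continue  # not a connection-built line, or destination port is allowed
        peers[m["host"]].add((m["peer"], m["port"]))
    return {h: len(p) for h, p in peers.items() if len(p) >= threshold}


if __name__ == "__main__":
    for host, count in sorted(suspect_hosts(SAMPLE_LOG).items()):
        print(f"{host}: {count} distinct outside peers on non-allowed ports")
```

Connections made over the allowed ports are skipped by design, so a client reconfigured to use those ports, as the thread notes is possible, would not be counted here.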
