[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2244
  • Last Modified:

How to block uploading not downloading to file sharing web sites like sendbigfiles.com or dropbox?

Opendns.com was working perfectly in blocking file sharing, file storage web sites & other categories.
Now we want users to be able to download  from all these sites but want to restrict them from uploading any of the company data.

Please suggest any solution .. may include a hardware appliance or a software solution.

Total users are less than 50. Internet connection is 8Mbps only.
Only few users like to have unrestricted access to all the sites.
0
Akash Bansal
Asked:
Akash Bansal
  • 3
  • 3
2 Solutions
 
gplanaCommented:
I would add a rule and disallow the port that use the upload but just for these sites. This way users will be able to download but not upload to these sites.
0
 
Akash BansalIT ProfessionalAuthor Commented:
Is thr any standard port common for all these sites or have to make rule for each site.

Right now we are using : Cisco RVS4000 & RV120W
http://www.cisco.com/c/en/us/products/routers/rvs4000-4-port-gigabit-security-router-vpn/index.html
http://www.cisco.com/c/en/us/products/routers/rv120w-wireless-n-vpn-firewall/index.html

Is this possible with these routers/firewall or do I have to buy some other firewall/UTM?
0
 
skullnobrainsCommented:
no, and extra hardware won't help much

most such sites will allow files to be uploaded and downloaded on the same regular port 80. but you can in some cases identify tokens in the url they use such as "&action=upload" or the likes. in other cases the client will perform a file sync which will synchronise both ways in the same tcp session.

additionally, such rules will be overall inefficient as the use of proxies will easily defeat whatever you expect to setup in a local proxy in order to enforce the previous rules.

you'll probably turn to DLP-capable soft/hardware which is overall as inefficient as the above because they rely on identified file types which is absolutely trivial to bypass.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Akash BansalIT ProfessionalAuthor Commented:
Tx for such an info and the confirmation.

Now we have two options...
1. Select one such site which we can block uploading from lan side and request sender to use that site only.

2. Setup our own internal ftp server.
0
 
skullnobrainsCommented:
i can't suggest a side that would be easy to block in a firewall.

nevertheless if you do trust such a site, most of them (including dropbox) feature access control lists that would most certainly let you create download-only profiles

on the local side, setting up a file share or possibly an ftp server is quite trivial, but they might not meet needs such as ability to trace user activities, or version control.
0
 
Akash BansalIT ProfessionalAuthor Commented:
Though there is no solution of my requirement, it is important to know that there is no solution exist; so that we may start working on work around.

Experts @Expert exchange brings the confidence that if there is a solution we may get it here.
0
 
skullnobrainsCommented:
feel free to post about your requirements ( automagic synchronisation, offline access, version control... or just be able to access personal files ? ) and possible solutions you are working on if you feel we can help.

note that many existing such sites allow HTTP access. in this case most likely files are uploaded using POST or PUT queries while regular browsing and file downloads are available using GET. if you have an HTTP proxy, allowing GET and HEAD queries only for a series of sites is quite trivial. if the site provides a synchronisation tool that does not work over HTTP, you can block the port altogether. but the users will need to use a browser to retrieve files. one problem of this approach, is you'd probably need to monitor the site for changes since they may change policies in the future without warning.
0

Featured Post

Shaping tomorrow’s technology leaders, today

The leading technology companies all recognize the growing need for gender diversity. Through its Women in IT scholarship program, WGU is working to reverse this trend by empowering more women to earn IT degrees and become tomorrow’s tech-industry leaders.  

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now