Port Blocking in Windows 2003 Server
Hi guys,
I have a bit of a problem at work. I have people downloading files using torrent clients. How do I stop this? I am thinking of blocking all but a couple of ports, to prevent the torrent client from connecting to the internet.
About the network infrastructure, we have a Beetel Modem + Router and a Windows 2003 server acting as DNS and DHCP server. Is it possible for me to block ports using the said infrastructure?
Also, using IPsec, if I block the ports for the server, will it affect the other systems on the network or not?
I will not get approval for purchase of a new router or any additional equipment, so I have to make do within the existing infrastructure. All solutions are welcome!
Regards,
mad_scientist
Replies
-
durga ch
Firstly,
what are the services the employees are allowed to use ?
Nevertheless, try implementing ACLs (access control lists) to block specific kinds of programs from accessing the internet. It does not require too much effort.
ACLs (access control lists) are a simple way to control the inbound and outbound traffic within a given network. They are mainly implemented on the Routers.
The syntax format of an ACL is generally:
ip access_list extended
-
Aashish Joshi
I just thought of something we did in our college hostel.
Would it be easier if I just set up a proxy server? The modem will be connected to the server, and the server will allow/deny or restrict all the connections. There is proxy software available for this purpose, like CCProxy, etc.
-
durga ch
Hmm, implementing a proxy server is OK as well, but I was thinking, in case you are implementing a proxy server, why not do it at the DNS level itself? I don't know the exact implementation steps for implementing proxy servers.
-
Aashish Joshi
Hmm, I didn't know we could do that! Implement the proxy server at the DNS level, I mean! Any pointers??
-
durga ch
Hey,
I don't know what DNS you are using, but have a look at this offering by OpenDNS.
It's free and content filtering is provided as well.
#-Link-Snipped-#
-
Prasad Ajinkya
Interesting problem.
You can filter the requests at the DNS level; however, there is no easy way of forcing everyone to use the DNS defined. A better approach is a proxy server and allow only HTTP traffic through. As long as you are filtering traffic, you can screen out the P2P traffic.
-
durga ch
@Kidakaka - I was thinking, since they seem to already have their own DNS server, all employees might be querying it (I know, too many assumptions), so I thought this might work. But nevertheless, I agree applying ACLs or using a proxy is a better idea.
You are reading an archived discussion.