I have a bit of a problem at work. I have people downloading files using torrent clients. 😡 How do I stop this? I am thinking of blocking all but a couple of ports, to prevent the torrent client from connecting to the internet.
About the network infrastructure, we have a Beetel Modem + Router and a Windows 2003 server acting as DNS and DHCP server. Is it possible for me to block ports using the said infrastructure?
Also, using IPsec, if I block the ports for the server, will it affect the other systems on the network or not?
I will not get approval for the purchase of a new router or any additional equipment, so I have to make do with the existing infrastructure. 😔 All solutions are welcome!
Firstly, what are the services the employees are allowed to use?
Nevertheless, try implementing ACLs (access control lists) to block specific kinds of programs from accessing the internet. It does not require too much effort.
ACLs (access control lists) are a simple way to control the inbound and outbound traffic within a given network. They are mainly implemented on routers.
The syntax format of an ACL is generally:
ip access_list extended
where the destination IP can be 'any' for unknown addresses and the destination port will be important here. The source IP shall be your network addresses itself. It's the destination port which would be important.
Since you mentioned torrents, I am assuming it has to do with blocking, or rather screening, between the external network and the internal network, and not exactly on the Windows server.
I just thought of something we did in our college hostel.
Would it be easier if I just set up a proxy server? The modem will be connected to the server, and the server will allow/deny or restrict all the connections. There is proxy software available for this purpose, like CCProxy, etc.
Hmm, implementing a proxy server is OK as well, but I was thinking, in case you are implementing a proxy server, why not do it at the DNS level itself? I don't know the exact implementation steps for implementing proxy servers.
You can filter the requests at the DNS level, however there is no easy way of forcing everyone to use the DNS defined. A better approach is a proxy server and allow only HTTP traffic through. As long as you are filtering traffic, you can screen out the P2P traffic.
@Kidakaka - I was thinking, since they seem to already have their own DNS server, all employees might be querying it (I know, too many assumptions), so I thought this might work. But nevertheless, I agree applying ACLs or using a proxy is a better idea.
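The two approaches discussed in this thread, an extended ACL keyed on source network and destination port, and a filtering proxy that screens out P2P traffic, come down to the same per-connection decision. The following is an added example, not code from any poster or from CCProxy, that shows that decision logic run over constructed sample flows. It assumes a hypothetical office network of 192.168.1.0/24 and an allowlist of web, DNS and mail ports; both are assumptions, not from the thread. Because a torrent client can be configured to use any port (including 80 or 443), the example also looks at the first bytes of each connection: a BitTorrent peer-wire handshake always begins with the byte 0x13 followed by the string "BitTorrent protocol", and DHT traffic is a bencoded dictionary that begins with "d1:ad" (query) or "d1:rd" (response). That payload check is what a filtering proxy can do that a port-only ACL cannot.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constant from the BitTorrent peer-wire protocol: the handshake starts with
# one length byte (19) followed by this 19-byte protocol string.
BT_PSTR = b"BitTorrent protocol"


@dataclass(frozen=True)
class Flow:
    """What a router ACL or a filtering proxy sees for one connection."""
    src: str           # source IP (inside the office network)
    dst: str           # destination IP (anything on the internet)
    proto: str         # "tcp" or "udp"
    dport: int         # destination port
    payload: bytes = b""   # first bytes the client sent


@dataclass(frozen=True)
class Rule:
    """One extended-ACL entry: source network, destination 'any', destination port(s)."""
    action: str                     # "permit" or "deny"
    src_net: str                    # CIDR of the allowed source addresses
    proto: str                      # "tcp", "udp" or "ip" (either)
    dst_ports: Optional[frozenset]  # None means any destination port


# Assumed allowlist for a hypothetical office (not from the thread): web, DNS, mail.
# Evaluated top to bottom, first match wins, implicit deny at the end.
ACL = [
    Rule("permit", "192.168.1.0/24", "tcp", frozenset({80, 443})),
    Rule("permit", "192.168.1.0/24", "udp", frozenset({53})),
    Rule("permit", "192.168.1.0/24", "tcp", frozenset({25, 110})),
]


def acl_decision(flow: Flow, acl=ACL) -> str:
    """Port-based decision, the way a router ACL would make it."""
    src = ipaddress.ip_address(flow.src)
    for rule in acl:
        if src not in ipaddress.ip_network(rule.src_net):
            continue
        if rule.proto != "ip" and rule.proto != flow.proto:
            continue
        if rule.dst_ports is not None and flow.dport not in rule.dst_ports:
            continue
        return rule.action
    return "deny"   # implicit deny: nothing matched


def parse_bt_handshake(payload: bytes):
    """Return (info_hash_hex, peer_id) if the payload is a BitTorrent handshake.

    Layout: 1 byte pstrlen (19), 19-byte pstr, 8 reserved bytes,
    20-byte info_hash, 20-byte peer_id = 68 bytes in total.
    """
    if len(payload) < 68:
        return None
    if payload[0] != len(BT_PSTR) or payload[1:20] != BT_PSTR:
        return None
    return payload[28:48].hex(), payload[48:68]


def is_bt_dht(payload: bytes) -> bool:
    """DHT (KRPC) messages are bencoded dicts whose first key is 'a' or 'r'."""
    return payload[:5] in (b"d1:ad", b"d1:rd")


def screen(flow: Flow, acl=ACL):
    """Decision a filtering proxy would make: port ACL first, then payload inspection."""
    if acl_decision(flow, acl) == "deny":
        return "deny", "acl"
    if parse_bt_handshake(flow.payload):
        return "deny", "bittorrent-handshake"
    if flow.proto == "udp" and is_bt_dht(flow.payload):
        return "deny", "bittorrent-dht"
    return "permit", "acl"


def sample_flows():
    """Constructed sample connections (not captured traffic)."""
    handshake = (bytes([19]) + BT_PSTR + b"\x00" * 8
                 + bytes(range(20))               # fake 20-byte info_hash
                 + b"-qB4000-" + b"x" * 12)        # fake 20-byte peer_id
    dht_ping = b"d1:ad2:id20:" + b"a" * 20 + b"e1:q4:ping1:t2:aa1:y1:qe"
    return [
        Flow("192.168.1.10", "203.0.113.5", "tcp", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
        Flow("192.168.1.11", "198.51.100.7", "tcp", 6881, handshake),   # classic torrent port
        Flow("192.168.1.11", "198.51.100.8", "tcp", 443, handshake),    # torrent hiding on 443
        Flow("192.168.1.12", "198.51.100.9", "udp", 53, dht_ping),      # DHT hiding on 53
        Flow("10.0.0.5", "203.0.113.5", "tcp", 80, b"GET / HTTP/1.1\r\n"),  # not our network
    ]


if __name__ == "__main__":
    for f in sample_flows():
        print(f"{f.src} -> {f.dst}:{f.dport}/{f.proto}: {screen(f)}")
```

The second and third sample flows carry the same handshake; the port ACL stops only the first of them, and it is the payload check that catches the client once it moves to port 443. The same inspection is what makes a proxy that "allows only HTTP traffic through" effective: it can verify the bytes actually look like HTTP rather than trusting the port number.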