RE: how to block KaZaa, Bit, and DAP in ISA2004 std.

From: "Greg Mulholland" <greg@xxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Date: Tue, 24 Jan 2006 08:23:02 +1100
Problem is most of these apps can tunnel over http. So blocking outbound http 
is not an option you will need to configure your http rules to block http 
traffic based on user-agents etc.
 
There is also another way to do this. Simply don't allow your "users' the 
ability to install non business apps or any apps on their (sorry the company's) 
PC. This stuff should be done by a domain admin, i.e. the users shouldn't be 
given admin rights and they wont be able to install such programs and then the 
problem goes away. If you must give them local admin rights then clearly define 
your computer user policy and the consequences of breaking that policy, then 
they have no comeback. Jim has a bat if you need to use it!
 
Greg Mulholland

________________________________

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Tue 24/01/2006 2:10 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: how to block KaZaa, Bit, and DAP in ISA2004 std.



http://www.ISAserver.org

Hi Joseph,
Glad you asked!
Least priviledge means that you give access only to what is required. In
a perfect least priviledge environment, you never need to create a Deny
Rule, since you create allow rules only to resources that users require
access to. Since the ISA firewall blocks all traffic not explicitly
allowed, you don't have to worry about Deny rules.

Make sense?

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**



> -----Original Message-----
> From: Joseph Danielsen [mailto:JDanielsen@xxxxxxxxxxxxxxxx]
> Sent: Monday, January 23, 2006 8:57 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] how to block KaZaa, Bit, and DAP in ISA2004 std.
>
> http://www.ISAserver.org
>
> Tom:
>
> I am further interested in your answer - but I don't
> understand what you
> are trying to say.
>
> Could you give a little bit more detail?
> 
>
> Joseph Danielsen, MCSA-Messaging, MCP
>
> Network Blade Inc.
>
> 49 Marcy Street
>
> Somerset, NJ 08873
>
> www.networkblade.com
>
> 
>
> 
>
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Monday, January 23, 2006 8:52 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: how to block KaZaa, Bit, and DAP in
> ISA2004 std.
>
> http://www.ISAserver.org
>
> If you're using least priviledge, then just don't allow it.
>
> HTH,
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
> 
>
> > -----Original Message-----
> > From: Wittaya Lee [mailto:wittalee@xxxxxxxxxxxxxxxxxx]
> > Sent: Monday, January 23, 2006 1:35 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] how to block KaZaa, Bit, and DAP in ISA2004 std.
> >
> > http://www.ISAserver.org
> >
> >    Please help, Anyone know how to block KaZaa, Bit and DAP
> > in ISA2004.
> > If the client are only SecureNAT or Web Proxy.  Thanks in Advance.
> >
> > Witt
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jdanielsen@xxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
greg@xxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
RE: how to block KaZaa, Bit, and DAP in ISA2004 std.

Other related posts:
