RE: Napster block

Chuck Larrieu Fri, 08 Dec 2000 16:53:19 -0800
As part of some research I have been doing to address some issues I have
with a particular customer security design, I've been spending a bit of time
at www.trusecure.com , and the related interests Information Security
Magazine and the ICSA test labs.

What I have read there leads me to believe that it is damn near impossible
to enforce any kind of real complex security policy on a purely hardware
based firewall.

Too many bad things are starting to happen using ports 20, 21, 25, 53, and
80 - all ports that in general must be left open for legitimate company web
use. For good reasons and evil, app developers are now writing their apps to
use these ports, rather than leave them for their intended purposes.

There are a couple of companies that offer server based software that
inspect and block forbidden sites and content. I believe one of the
companies offering such a product is WebSecure. Sorry, I can't find my
literature that I picked up at Networkers.

But the point is that in order to stop any number of services that violate
policy, it is no longer enough to try to block a couple of ports.

Chuck


-----Original Message-----
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Eddie Parra
Sent:   Friday, December 08, 2000 8:52 AM
To:     Patrick Bass; [EMAIL PROTECTED]
Subject:        RE: Napster block

How did you do that?  Napster isn't port based...  Napster can use ANY TCP
port?  You can set the Napster client to port 80 (HTTP) and it works fine.

-Eddie

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Patrick Bass
Sent: Friday, December 08, 2000 9:35 AM
To: [EMAIL PROTECTED]
Subject: Re: Napster block


Which firewall are you using?  I've blocked my users from napster using the
PIX outbound command.


""Dave Malik"" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> <html><DIV>Does anyone know what TCP or UDP ports need to be blocked on a
firewall to prevent users on a network from accessing Napster??</DIV>
> <DIV>&nbsp;</DIV>
> <DIV>Any comments would be appreciated.</DIV>
> <DIV>&nbsp;</DIV>
> <DIV>Regards,</DIV>
> <DIV>Dave</DIV>
> <DIV>&nbsp;</DIV><br clear=all><hr>Get more from the Web.  FREE MSN
Explorer download : <a
href="http://explorer.msn.com">http://explorer.msn.com</a><br></p></html>
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Napster block

Reply via email to
