Hi
1) I suggest the use of Web Sense, URL filter software which works with
most of firewall on the market.
2) You have to set up a proxy cache server to reduce the HTTP trafic from
the Internet.
Most accessed Web site are then locally cache .
3) Setup a Internet Access policy for your students and apply it. I don't
know the number of your students
but if only one third of your 2200 users surf heavily on the Net, you need
to setup an T3 line and not a T1 line.
Guyanne Francis
Consultant
RCS, Telecom Reseaux Services, France
========================================================
At 16:20 19/09/00 -0700, you wrote:
>First off, I'd like to know how it is that you have managed to keep 2200
>users happy through a single T1 :)
>
>Paul made a good point earlier that these issues really are policy issues.
>However, acknowledging that you are dealing with college students, rules and
>policies aren't their top priority.
>I've used a product called 'Little Brother' that does a great job at telling
>you who is using what services and how much bandwidth they're using up. it
>lists them by top talkers, etc. One of the nicer features is that you can
>block access to certain sites, you can block downloading of files (and
>specific files, such as .mp3), access to FTP sites, etc. This sits in
>promiscuous mode next to the firewall so it offloads this overhead from the
>firewall. Since it works in promiscuous mode, it doesn't really introduce
>latency, but it may enforce the rule 'after the fact' (the web page may
>begin to load before it aborts).
>
> -Jesus
>
>-----Original Message-----
>From: Stewart Dean [mailto:[EMAIL PROTECTED]]
>Sent: Monday, September 18, 2000 4:00 AM
>To: [EMAIL PROTECTED]
>Subject: Q2: How to Deal with Bandwidth Abuse
>
>
>I have responsibilities at a small (approx 2200 user) liberal arts college.
>We
>have been slowly getting the expenditure to do appropriate upgrades to the
>network and IT infrastructure, usually the crisis du jour that finally
>makes it
>clear to the administration that, yes, they really do have to loosen the
>purse
>string.
> We have been dodging various bullets related to a) having one T1 line and
>b)
>the students have Napster/Gnutella/Scour. Things have come to a head, and
>we are looking better handle what we presume to be student bandwidth abuse.
>The students will have their own T1 line, and the faculty and staff another.
>
>Still, we need to get a handle on locating bandwidth abuse offenders and
>counseling them.
> I'd like hear your experience with this problem. We have a pretty much
>all
>Cisco environment: a 5500 as a backbone, fiber to 2924s. All connections
>are
>out of a single switched port, or will be soon after we phase out the last
>of our
>old IBM hubs.
> If there's a better place to ask this question, please suggest.
>
>How do you track bandwidth abusers at the firewall? Can you identify
>locations heavily used by abusers? What tactics have you come up with to
>deal
>with Gnutella and Scour?
>
>to shift access control from router access control lists to a true firewall
>in order
>to get the benefits of logging, stateful connection handling and the
>like.---
>// "I build my cars to go, not to stop", Ettore Bugatti
>// Stewart Dean Kingston, NY
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
