1cmerchant Tue, 02/05/2008 - 06:20

The way I block all unwanted traffic is to specify (via ACL permits) the traffic that I want to allow, and thus everything else is blocked. Of course this is all linked to your corporate security policy, etc.


Not sure if that would work for your environment, but it has worked well for me. The only real downside is that when someone wants (needs) to connect to things that aren't specifically permitted you have to go in and modify the ACL as required.

gtrampus Tue, 02/05/2008 - 06:31

I know. I would have done the same for myself (or my company). But this is a request from a customer and I am not sure if the ASA even supports this. Funny: you can easily block IM (Yahoo or MS) but you can't block torrents, which consume a lot (or all) of the bandwidth.


Thanks :)


Gregor

cisco24x7 Tue, 02/05/2008 - 07:08

If you want something to block torrents, get a Check Point firewall. SmartDefense is integrated into the Check Point firewall and can help you do just that.


CCIE Security

srue Tue, 02/05/2008 - 07:42

Or get an IPS module for your 5520. There are specific signatures for BT that can do exactly what you want. The problem with trying to block BT is that it can pretty much use any port.


cisco24x7 Tue, 02/05/2008 - 11:03

"The problem with trying to block BT is that it can pretty much use any port."


That's what an IPS is supposed to do: be able to detect these things. If the Cisco IPS module on the ASA 5520 cannot do that, then the IPS is completely useless. SmartDefense in CP can take care of this. If you don't want to use Check Point, you can go with Sourcefire, which can accomplish the same thing.


CCIE security
