Re: Do you block P2P ?

["Stanclift, Michael" <michael.stanclift () ROCKHURST EDU>]

On university owned systems, we've been removing P2P apps for a couple of years now. I have custom rules built into our 
McAfee Enterprise AV that deletes them on sight. .torrent files from campus systems are removed as well (unless someone 
has an exemption to use them for legal purposes, but since we no longer have a CS or IS department, that hasn't come 
up) -- our managed systems do not have to go through the NAC.


Michael Stanclift
Network Analyst
Rockhurst University

http://help.rockhurst.edu
(816) 501-4231

Think before you print!


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jeff Kell
Sent: Thursday, September 17, 2009 11:08 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Do you block P2P ?

Stanclift, Michael wrote:
> We're doing a similar method. We've been blocking it at a protocol level for quite a while, but this semester we also 
> started utilizing Cisco NAC/Clean Access to scan and deny access to systems with some of the more popular file 
> sharing applications installed. It has brought a few complaints but they fall on deaf ears.

We have considered that option, but there is somewhat of a fine line
between the right to deny the use of an application on our network
versus simply having one installed.  If we continue to pursue our NAC
(Campus Manager) and get to the point where we can identify a
"university-owned computer" then I have no problem with forcing their
removal up-front.

The only installations we actively chase down are those generating tens
of thousands of connections a day (orders of magnitude greater than a
typical user), and that is easily justified given the infrastructure
load (firewalls, logging, netflow, etc) that activity produces.

Jeff