[c-nsp] Firewall Recommendations

Paul Stewart pstewart at nexicomgroup.net
Thu Aug 18 21:32:01 EDT 2005


Actually thinking about doing that... Thanks for the suggestion..:)

How do you do a regex expression in CBAC?  Never done that...

Thanks,

Paul
 

-----Original Message-----
From: Rolf Mendelsohn [mailto:rolf at cyberops.biz] 
Sent: Thursday, August 18, 2005 7:10 PM
To: Wojtek Zlobicki
Cc: Paul Stewart; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Firewall Recommendations

slightly ot:
How about a simple squid proxy for blocking various things.

acl block-msn rep_mime_type -i ^application/x-msn-messenger$

that blocks access to msn - provided the client is using msn, adding
other messenger apps is easy. Aswell as doing various other things.

otherwise perhaps try that regex string for you cbac.

cheers
/rolf

On Thursday 18 August 2005 10:53 pm, Wojtek Zlobicki wrote:
> Have you considred blocking it at  Layer 8 ?  AKA changing the 
> computer policy at work to strictly forbit it.  I have also seen 
> Windows Active Directory group policies that blocked the app.
>
> On 8/18/05, Paul Stewart <pstewart at nexicomgroup.net> wrote:
> > We are in immediate need (next couple of weeks) of a firewall for 
> > our own offices.  I'm wondering what everyone's experience has been 
> > with the new ASA series from Cisco.  Also, any feedback/comparison 
> > on Watchguard would be handy....
> >
> > This has been sparked by MSN Messenger blocking on the application 
> > level in our offices.  We have been trying to block it 
> > unsuccessfully with CBAC variations and when we finally found a way 
> > to completely block it, half the websites we want to go to can't be
reached....
> >
> > Thanks in advance,
> >
> > Paul Stewart
> > Network Specialist
> > Nexicom Inc.
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/

--
Rolf Mendelsohn
Internet Technologies Holdings
Angolan Cell:  +244-92-3524981
Angolan Office: +244-2-356110
Namibian Office: +264-61-375484



More information about the cisco-nsp mailing list