Monthly Archives: April 2008

How to block websites and restrict internet access?

Most employees waste more than an hour on browsing web pages. Even worse, someone will not be able to concentrate on their work during work time.
So, to save productivity, it is necessary for organizations to block certain websites and restrict internet access.

In my opinion, things should be done from several aspects:

1. Only work-related websites are allowed during work time.
2. Destructive websites like violence, adult, shall be blocked always.
3. Downloading websites shall be blocked to save bandwidth if you are suffering from slow internet speed.

For those companies who are very strict with websites browsing, you can implement a website whitelist, by which, only websites in the whitelist can be visited.

More information, please refer to internet blocking and internet monitoring.

Block MSN file transfer: impossible mission?

Block MSN file transfer: impossible mission?

  It is convenient to transfer files via messengers like msn/live, yahoo, icq…  But it is also necessary for organizations to block unauthorized file transfers to keep their networks safe.

  However, messenger software uses several ways to avoid being blocked. They use dynamic ports, encrypted connections, variety connection type to bypass network firewall.

  Let me take msn as an example. By our test, there have four type of msn file transfer as described below:

  1. For two buddies, if one of them is connected to internet directly, direct connection will be established to transfer files. This is the quickest way. There has three type of direct connections with dynamic ports which is negotiated by two sides.

  1.1) Direct TCP connection.

  1.2) Direct TCP connection use TLS encryption.

  1.3) Direct UDP transmission.

  2. If direct connection can not be established, msn servers can act as a relay server to transfer files. The file transfer packets will be among with normal msn messages.

  As you can see from above, there is no way to block msn file transfer simply by blocking some ports in the firewall. The firewall should be smart enough to recognize msn file transfer direct connections, and it shall be able to pick up file transfer packets from normal msn messages.

  Block MSN File Transfer

  Internet Monitor

  Block P2P