Packet filtering by itself is not enough, though. If you are serious about blocking peer-to-peer network traffic, you need a firewall that does application filtering. Application filtering is essentially an extension of stateful packet inspection. Stateful packet inspection can determine what type of protocol is being sent over each port, but application-level filters look at what a protocol is being used for. For example, an application-level filter might be able to tell the difference between HTTP traffic used to access a Web page and HTTP traffic used for file sharing, whereas a firewall that only performs packet filtering would treat all HTTP traffic the same.
If you are thinking of buying a firewall that does application filtering, then be sure to look for one that is specifically designed to block peer-to-peer applications. The firewall manufacturer should also offer periodic updates that allow the firewall to block new file-sharing applications and new versions of existing peer-to-peer applications.
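The difference between the two filter types, as an added example that is not from the original article or any firewall product: a port-only decision next to one that also inspects the payload. The function names, the allowed-port set and the sample flows are assumptions constructed for illustration; the signatures are well-known BitTorrent and Gnutella protocol constants.

```python
import re

ALLOWED_PORTS = {80}  # assumption: the firewall only permits outbound web traffic

# Well-known protocol constants that open non-HTTP P2P sessions.
RAW_P2P = (b"\x13BitTorrent protocol", b"GNUTELLA CONNECT/")
# Request patterns for HTTP that is being used for file sharing.
HTTP_P2P = (
    re.compile(rb"^GET /\S*announce\?\S*info_hash=", re.I),  # BitTorrent tracker announce
    re.compile(rb"^GET /uri-res/N2R\?urn:sha1:", re.I),      # Gnutella download by hash
)

def packet_filter(port, payload):
    """Port-only decision: the payload is never examined."""
    return "allow" if port in ALLOWED_PORTS else "block"

def application_filter(port, payload):
    """Same port rule, then a check of what the traffic is used for."""
    if port not in ALLOWED_PORTS:
        return "block"
    if payload.startswith(RAW_P2P):
        return "block"  # not HTTP at all, only borrowing the web port
    if any(p.search(payload) for p in HTTP_P2P):
        return "block"  # well-formed HTTP, but used for file sharing
    return "allow"

# Constructed sample flows: (label, destination port, first payload bytes).
SAMPLES = [
    ("web page", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("tracker announce", 80,
     b"GET /announce?info_hash=%12%34%56&peer_id=-XX0001-000000000000&port=6881 HTTP/1.1\r\n\r\n"),
    ("gnutella download", 80,
     b"GET /uri-res/N2R?urn:sha1:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1\r\n\r\n"),
    ("bittorrent handshake", 80, b"\x13BitTorrent protocol" + bytes(8)),
    ("bittorrent default port", 6881, b"\x13BitTorrent protocol" + bytes(8)),
]

def compare():
    """Return (label, packet-filter verdict, application-filter verdict) per flow."""
    return [(name, packet_filter(port, data), application_filter(port, data))
            for name, port, data in SAMPLES]

if __name__ == "__main__":
    for row in compare():
        print("%-24s packet=%-5s application=%s" % row)
```

The signature lists here cover only a few cases; a new client or protocol version passes until a matching signature is added, which is why the manufacturer's periodic updates matter.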
Blocking peer-to-peer applications
Step 1: Blocking peer-to-peer applications
Step 2: Firewalls
Step 3: Application-level filters
Step 4: Software restriction with Group Policy
ABOUT THE AUTHOR:
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit his personal Web site at www.brienposey.com.
Copyright 2005 TechTarget
This was first published in July 2006