Another kind of sites are video hosting websites such as youtube. These sites allow users to upload videos and view existing videos. Please see this link to see some of video hosting sites. It appears that traditional P2P file sharing popularity is declining with these two kinds of sites.
Network security devices, specifically IPS functionality, have been providing P2P application detection and facility to block these applications or throttle the traffic from these applications, thereby saving precious bandwidth for Enterprise applications' traffic. With One-click-hosting sites and video sharing sites, these controls are becoming less effective. Network security devices need to change with current reality. Due to the usage of HTTP for downloading the video content, it is a challenge for network security devices to detect this traffic. That is where, signature based application detection comes in handy.
As an administrator, you should look for solution that offers:
- Detection of hosting provider with no false positives.
- Detection of hosting provider within first 2K byte of connection.
- Ability to set the throttling parameters based on
- hosting provider(s).
- machine(s) accessing the hosting site.
- Time of day
- Ability to set throttling parameter such as
- Bandwidth (bytes/sec or packets/sec).
- Signatures to detect hosting providers. Each hosting provider is identified by 'Application ID' using signatures.
- Signatures can be developed with HTTP protocol keywords. Hence detection can happen with zero false positives.
- Traffic Enforcement rules with each rule containing
- Source IP address(es)
- Application ID(s)
- Time of day and Day of week.
- Action : Block Or throttle
- Bandwidth in bytes/sec or pkts/sec
- Flag to indicate whether to apply traffic throttling based on each source IP.
No comments:
Post a Comment