Network help needed – blocking spotify on company network
We have a really crappy internet connection, and spotify is killing the bandwidth… currently running server 2003, bt internet routed through the server and a 2wire bt business hub.
I have tried amending the block list on in the firewall… but this program seems to use a p2p system with ports and all that stuff i don’t understand.
blocking spotify.com just blocks the website not the application and its ability to stream music…
any help?Posted 7 years ago16stonepigMember
As far as I know, spotify uses random ports, so why don’t you just block everything to the internet except ports 80(HTTP) and 443(HTTPS)?
Network access should be by exception.
There may be other ports that are used for various things (FTP, SSH etc), but they should be opened up as needed.Posted 7 years ago
yes, we have tried the email approach, but my boss is so slack he doesn’t back it up… he would rather not have the aggravation… and they all know that… we don’t have any network support, I am the administrator, and I only have enough knowledge to break stuff… I cant dish out bollockings so just blocking it would be easier.
I will do the uninstall and change their admin rights. Give that a go.Posted 7 years agowillardMember
It best practice anyway… How long before someone installs something that leaves a corporate PC open to a massive pwning?
With regard to port blocking, always go for the “nazi” approach first (block everything), then insist on a written justification for why they want other ports open. If anyone asks, just use “malware protection” as an excuse.Posted 7 years ago
ez audit or similar
email/internet/network usage policy which everyone signs.
And if anyone complains, tell the boss that otherwise it’s like in the films and someone could come in and empty your bank accounts and/or start world war 3 – by the sounds of it he/she will believe you without questioning.Posted 7 years ago
If anyone asks, just use “malware protection” as an excuse.
That’s not an excuse, it’s a reason. You’re reducing your footprint, the less you expose to the outside world, the more secure the network. I can provide plenty of real-world examples of what happens if you’re lax about securing your perimiter.Posted 7 years agokevin1911Member
If you do need to enforce the policy without doing all the sensible stuff others have mentioned above, I suggest hooking the broadband up to a Cisco router and deploying NBAR (Network based application regognition). It can dynamically identify spoitify (and all other p2p traffic) and either drop it or give it a tiny portion of the available bandwidth.Posted 7 years agoCaptJonMember
clubber – Member
1. Remove spotify from all computers.
2. Remove users’ admin rights so they can’t install spotify and all sorts of other junk that will cause other problems.
Pretty basic network admin stuff – why do your users need admin rights?
Grrrr – it is so annoying when IT say you can’t have admin rights. Some of my colleagues do, some don’t have admin rights. The upshot is that is someone wants to download a piece of software for their research they have to book a job with IT which can take days and thus delay any work you’re doing.Posted 7 years ago
but my boss is so slack he doesn’t back it up… he would rather not have the aggravation
I’d be tempted to download some donkey porn onto his desktop, then when he kicks off suggest that it could be a hack attempt / virus which is a result of his cavalier attitude to security.
Alternatively, if he doesn’t give a toss, why should you? Let it grind to a halt, start a few big downloads going to help it along, then when all the users complain tell them it’s because they’re using spotify.
I miss my internal sysadmin days, they were fun.Posted 7 years ago
Grrrr – it is so annoying when IT say you can’t have admin rights. Some of my colleagues do, some don’t have admin rights. The upshot is that is someone wants to download a piece of software for their research they have to book a job with IT which can take days and thus delay any work you’re doing.
As I said there are exceptions – for roles similar to yours by the sound of it. Most people don’t need full admin and even if it’s blocked then your IT dept should have a process to install stuff quickly or give you admin rights temporarily.Posted 7 years agoxiphonMember
If you’re an network admin, look at using OpenDNS if you’re not already…
As for original question, I have a pretty secure network in the office – blocking ports is probably the most effective for your scenario.
Altering the DNS records for spotify.com might be handy too (create a record on your local DNS server for spotify.com to point to 127.0.0.1)Posted 7 years agoxiphonMember
Sounds like you also need to get some proper business grade hardware in. If it’s standard ADSL, look at the Draytek range of routers. Combine that with a Checkpoint / Watchguard / SonicWall firewall, and you will have a much more reliable (and secure) network.
You seriously need to consider outsourcing your IT!!
Where are you based?Posted 7 years ago
The topic ‘Network help needed – blocking spotify on company network’ is closed to new replies.