We have a really crappy internet connection, and spotify is killing the bandwidth… currently running server 2003, bt internet routed through the server and a 2wire bt business hub.

I have tried amending the block list on in the firewall… but this program seems to use a p2p system with ports and all that stuff i don’t understand.

blocking spotify.com just blocks the website not the application and its ability to stream music…

any help?

Upgrade your internet, Spotify is fine in our office. HTH.

tell people not to use spotify?

Yes – issue a company-wide email stating that Spotify isn’t to be used and that anyone found installing it will be subject to disciplinary action. Tell them that there will be an audit of all systems connected to your network in 4 weeks time.

or any streaming media. thats what our IT did.

no-one pays much attention but its a stick to beat people with if you want to get rid of them…

what druid(h) sed.

it’s not a web service – they have to install sowftware on their pc’s – I’m surprised your policies allow staff to install thrid party software at all, tbh…

1. Remove spotify from all computers.
2. Remove users’ admin rights so they can’t install spotify and all sorts of other junk that will cause other problems.

Pretty basic network admin stuff – why do your users need admin rights?

clubber nail + head

PS we use e-z audit to monitor what’s installed across the network to catch the odd person that has managed to install something (some of the engineers need admin rights to run some test programs but take advantage of that).

http://www.ezaudit.net/default.htm

As far as I know, spotify uses random ports, so why don’t you just block everything to the internet except ports 80(HTTP) and 443(HTTPS)?
Network access should be by exception.

There may be other ports that are used for various things (FTP, SSH etc), but they should be opened up as needed.

This.

Block all open ports. Then, open ports you actually need.

yes, we have tried the email approach, but my boss is so slack he doesn’t back it up… he would rather not have the aggravation… and they all know that… we don’t have any network support, I am the administrator, and I only have enough knowledge to break stuff… I cant dish out bollockings so just blocking it would be easier.

I will do the uninstall and change their admin rights. Give that a go.

I’d also be tempted to put a line in the login script, along the lines of:

if exist %ProgramFiles%\spotify\spotify.exe del %ProgramFiles%\spotify\spotify.exe /q

It best practice anyway… How long before someone installs something that leaves a corporate PC open to a massive pwning?

With regard to port blocking, always go for the “nazi” approach first (block everything), then insist on a written justification for why they want other ports open. If anyone asks, just use “malware protection” as an excuse.

(Can you remove software through group policy that has been installed manually? Never actually tried, might be worth investigating).

port blocking
admin rights
ez audit or similar
email/internet/network usage policy which everyone signs.

And if anyone complains, tell the boss that otherwise it’s like in the films and someone could come in and empty your bank accounts and/or start world war 3 – by the sounds of it he/she will believe you without questioning.

If anyone asks, just use “malware protection” as an excuse.

That’s not an excuse, it’s a reason. You’re reducing your footprint, the less you expose to the outside world, the more secure the network. I can provide plenty of real-world examples of what happens if you’re lax about securing your perimiter.

I am the administrator,

Are you accountable for it if it’s compromised? If you are then you have to have the authority to make these decisions. If you don’t, start acting like you have.

If your staff can’t be trusted not to use spotify when told not to, change your staff rather than your network in my opinion.

ok, just told the fella concerned, uninstalled spotify, and went to change his account privileges… should sort it.

Your network is that poor that one Spotify user is enough to make it go pear-shaped?

not the network, our internet cant cope, cant get fiber, the exchange is crap, we have had our line tested 00’s of times…

If you do need to enforce the policy without doing all the sensible stuff others have mentioned above, I suggest hooking the broadband up to a Cisco router and deploying NBAR (Network based application regognition). It can dynamically identify spoitify (and all other p2p traffic) and either drop it or give it a tiny portion of the available bandwidth.

clubber – Member
1. Remove spotify from all computers.
2. Remove users’ admin rights so they can’t install spotify and all sorts of other junk that will cause other problems.

Pretty basic network admin stuff – why do your users need admin rights?

Grrrr – it is so annoying when IT say you can’t have admin rights. Some of my colleagues do, some don’t have admin rights. The upshot is that is someone wants to download a piece of software for their research they have to book a job with IT which can take days and thus delay any work you’re doing.

havent read all of the above but OPENDNS is great, your just point your router DNS to it and through an admin panle you can block up to 20 websites and its free.

it is so annoying when IT say you can’t have admin rights.

a) if people were trustworthy it wouldn’t be an issue and

b) you shouldn’t need full “admin” rights to install properly written software.

surely if you block spotify they will just use something else. Possibly you tube which means streaming video as well

why dont you just lock down the ports as said before. surely you only need a couple of ports like 23 80 443 and what ever your VPN runs through 5900?

23? You use Telnet a lot?

Just thinking,

but my boss is so slack he doesn’t back it up… he would rather not have the aggravation

I’d be tempted to download some donkey porn onto his desktop, then when he kicks off suggest that it could be a hack attempt / virus which is a result of his cavalier attitude to security.

Alternatively, if he doesn’t give a toss, why should you? Let it grind to a halt, start a few big downloads going to help it along, then when all the users complain tell them it’s because they’re using spotify.

I miss my internal sysadmin days, they were fun.

23? You use Telnet a lot?

21 even its friday afternoon

21 even its friday afternoon

I’d disable FTP outside of IT unless there’s a specific reason for it. (It’s a pain to set up reliably anyway, unless you’ve a firewall doing stateful inspection).

Grrrr – it is so annoying when IT say you can’t have admin rights. Some of my colleagues do, some don’t have admin rights. The upshot is that is someone wants to download a piece of software for their research they have to book a job with IT which can take days and thus delay any work you’re doing.

As I said there are exceptions – for roles similar to yours by the sound of it. Most people don’t need full admin and even if it’s blocked then your IT dept should have a process to install stuff quickly or give you admin rights temporarily.

I can provide plenty of real-world examples of what happens if you’re lax about securing your perimiter.

sniggers childishly
Could you not ride the bike for a few weeks aftwerwards?

If you’re an network admin, look at using OpenDNS if you’re not already…

As for original question, I have a pretty secure network in the office – blocking ports is probably the most effective for your scenario.

Altering the DNS records for spotify.com might be handy too (create a record on your local DNS server for spotify.com to point to 127.0.0.1)

You always get the best advice from poachers turned gamekeepers! 😀

Do you receive any credit card transactions for the business on-line? If so have a look at the PCI-DSS and point out the financial risk the boss is facing for failure to secure the network. Nothing like some 5 figure fines/charges to concentrate the mind!

Sounds like you also need to get some proper business grade hardware in. If it’s standard ADSL, look at the Draytek range of routers. Combine that with a Checkpoint / Watchguard / SonicWall firewall, and you will have a much more reliable (and secure) network.

You seriously need to consider outsourcing your IT!!

Where are you based?

You always get the best advice from poachers turned gamekeepers!

you know… can I steal that?

took me 5yrs to get the right mouse button enabled at my work 🙄