Network help needed – blocking spotify on company network

Home Forum Chat Forum Network help needed – blocking spotify on company network

Viewing 40 posts - 1 through 40 (of 42 total)
  • Network help needed – blocking spotify on company network
  • neilforrow
    Member

    We have a really crappy internet connection, and spotify is killing the bandwidth… currently running server 2003, bt internet routed through the server and a 2wire bt business hub.

    I have tried amending the block list on in the firewall… but this program seems to use a p2p system with ports and all that stuff i don’t understand.

    blocking spotify.com just blocks the website not the application and its ability to stream music…

    any help?

    sobriety
    Member

    Upgrade your internet, Spotify is fine in our office. HTH.

    Premier Icon jam bo
    Subscriber

    tell people not to use spotify?

    druidh
    Member

    Yes – issue a company-wide email stating that Spotify isn’t to be used and that anyone found installing it will be subject to disciplinary action. Tell them that there will be an audit of all systems connected to your network in 4 weeks time.

    Premier Icon jam bo
    Subscriber

    or any streaming media. thats what our IT did.

    no-one pays much attention but its a stick to beat people with if you want to get rid of them…

    Premier Icon wwaswas
    Subscriber

    what druid(h) sed.

    it’s not a web service – they have to install sowftware on their pc’s – I’m surprised your policies allow staff to install thrid party software at all, tbh…

    clubber
    Member

    1. Remove spotify from all computers.
    2. Remove users’ admin rights so they can’t install spotify and all sorts of other junk that will cause other problems.

    Pretty basic network admin stuff – why do your users need admin rights?

    bigyinn
    Member

    clubber nail + head

    clubber
    Member

    PS we use e-z audit to monitor what’s installed across the network to catch the odd person that has managed to install something (some of the engineers need admin rights to run some test programs but take advantage of that).

    http://www.ezaudit.net/default.htm

    16stonepig
    Member

    As far as I know, spotify uses random ports, so why don’t you just block everything to the internet except ports 80(HTTP) and 443(HTTPS)?
    Network access should be by exception.

    There may be other ports that are used for various things (FTP, SSH etc), but they should be opened up as needed.

    Premier Icon Cougar
    Subscriber

    This.

    Block all open ports. Then, open ports you actually need.

    neilforrow
    Member

    yes, we have tried the email approach, but my boss is so slack he doesn’t back it up… he would rather not have the aggravation… and they all know that… we don’t have any network support, I am the administrator, and I only have enough knowledge to break stuff… I cant dish out bollockings so just blocking it would be easier.

    I will do the uninstall and change their admin rights. Give that a go.

    Premier Icon Cougar
    Subscriber

    I’d also be tempted to put a line in the login script, along the lines of:

    if exist %ProgramFiles%\spotify\spotify.exe del %ProgramFiles%\spotify\spotify.exe /q

    willard
    Member

    It best practice anyway… How long before someone installs something that leaves a corporate PC open to a massive pwning?

    With regard to port blocking, always go for the “nazi” approach first (block everything), then insist on a written justification for why they want other ports open. If anyone asks, just use “malware protection” as an excuse.

    Premier Icon Cougar
    Subscriber

    (Can you remove software through group policy that has been installed manually? Never actually tried, might be worth investigating).

    clubber
    Member

    port blocking
    admin rights
    ez audit or similar
    email/internet/network usage policy which everyone signs.

    And if anyone complains, tell the boss that otherwise it’s like in the films and someone could come in and empty your bank accounts and/or start world war 3 – by the sounds of it he/she will believe you without questioning.

    Premier Icon Cougar
    Subscriber

    If anyone asks, just use “malware protection” as an excuse.

    That’s not an excuse, it’s a reason. You’re reducing your footprint, the less you expose to the outside world, the more secure the network. I can provide plenty of real-world examples of what happens if you’re lax about securing your perimiter.

    Premier Icon Cougar
    Subscriber

    I am the administrator,

    Are you accountable for it if it’s compromised? If you are then you have to have the authority to make these decisions. If you don’t, start acting like you have.

    atlaz
    Member

    If your staff can’t be trusted not to use spotify when told not to, change your staff rather than your network in my opinion.

    neilforrow
    Member

    ok, just told the fella concerned, uninstalled spotify, and went to change his account privileges… should sort it.

    mogrim
    Member

    Your network is that poor that one Spotify user is enough to make it go pear-shaped?

    neilforrow
    Member

    not the network, our internet cant cope, cant get fiber, the exchange is crap, we have had our line tested 00’s of times…

    kevin1911
    Member

    If you do need to enforce the policy without doing all the sensible stuff others have mentioned above, I suggest hooking the broadband up to a Cisco router and deploying NBAR (Network based application regognition). It can dynamically identify spoitify (and all other p2p traffic) and either drop it or give it a tiny portion of the available bandwidth.

    CaptJon
    Member

    clubber – Member
    1. Remove spotify from all computers.
    2. Remove users’ admin rights so they can’t install spotify and all sorts of other junk that will cause other problems.

    Pretty basic network admin stuff – why do your users need admin rights?

    Grrrr – it is so annoying when IT say you can’t have admin rights. Some of my colleagues do, some don’t have admin rights. The upshot is that is someone wants to download a piece of software for their research they have to book a job with IT which can take days and thus delay any work you’re doing.

    monkey_boy
    Member

    havent read all of the above but OPENDNS is great, your just point your router DNS to it and through an admin panle you can block up to 20 websites and its free.

    Premier Icon Cougar
    Subscriber

    it is so annoying when IT say you can’t have admin rights.

    a) if people were trustworthy it wouldn’t be an issue and

    b) you shouldn’t need full “admin” rights to install properly written software.

    scu98rkr
    Member

    surely if you block spotify they will just use something else. Possibly you tube which means streaming video as well

    s4rpf
    Member

    why dont you just lock down the ports as said before. surely you only need a couple of ports like 23 80 443 and what ever your VPN runs through 5900?

    Premier Icon Cougar
    Subscriber

    23? You use Telnet a lot?

    Premier Icon Cougar
    Subscriber

    Just thinking,

    but my boss is so slack he doesn’t back it up… he would rather not have the aggravation

    I’d be tempted to download some donkey porn onto his desktop, then when he kicks off suggest that it could be a hack attempt / virus which is a result of his cavalier attitude to security.

    Alternatively, if he doesn’t give a toss, why should you? Let it grind to a halt, start a few big downloads going to help it along, then when all the users complain tell them it’s because they’re using spotify.

    I miss my internal sysadmin days, they were fun.

    s4rpf
    Member

    23? You use Telnet a lot?

    21 even its friday afternoon

    Premier Icon Cougar
    Subscriber

    21 even its friday afternoon

    I’d disable FTP outside of IT unless there’s a specific reason for it. (It’s a pain to set up reliably anyway, unless you’ve a firewall doing stateful inspection).

    clubber
    Member

    Grrrr – it is so annoying when IT say you can’t have admin rights. Some of my colleagues do, some don’t have admin rights. The upshot is that is someone wants to download a piece of software for their research they have to book a job with IT which can take days and thus delay any work you’re doing.

    As I said there are exceptions – for roles similar to yours by the sound of it. Most people don’t need full admin and even if it’s blocked then your IT dept should have a process to install stuff quickly or give you admin rights temporarily.

    Junkyard
    Member

    I can provide plenty of real-world examples of what happens if you’re lax about securing your perimiter.

    sniggers childishly
    Could you not ride the bike for a few weeks aftwerwards?

    xiphon
    Member

    If you’re an network admin, look at using OpenDNS if you’re not already…

    As for original question, I have a pretty secure network in the office – blocking ports is probably the most effective for your scenario.

    Altering the DNS records for spotify.com might be handy too (create a record on your local DNS server for spotify.com to point to 127.0.0.1)

    Markie
    Member

    You always get the best advice from poachers turned gamekeepers! 😀

    Premier Icon Sandwich
    Subscriber

    Do you receive any credit card transactions for the business on-line? If so have a look at the PCI-DSS and point out the financial risk the boss is facing for failure to secure the network. Nothing like some 5 figure fines/charges to concentrate the mind!

    xiphon
    Member

    Sounds like you also need to get some proper business grade hardware in. If it’s standard ADSL, look at the Draytek range of routers. Combine that with a Checkpoint / Watchguard / SonicWall firewall, and you will have a much more reliable (and secure) network.

    You seriously need to consider outsourcing your IT!!

    Where are you based?

    Premier Icon Cougar
    Subscriber

    You always get the best advice from poachers turned gamekeepers!

    you know… can I steal that?

    Premier Icon scaredypants
    Subscriber

    took me 5yrs to get the right mouse button enabled at my work 🙄

Viewing 40 posts - 1 through 40 (of 42 total)

The topic ‘Network help needed – blocking spotify on company network’ is closed to new replies.