Monitoring for rogue apps

How do you scan using the PIX for rogue applications eating up bandwidth or particular ports? Using monitoring with the real-time log viewer, I can watch live traffic and pause, but that does not tell me, for example, if someone is streaming music or downloading the universe.

Thanks,

GE


Your mention of the real-time log viewer suggests that you are using PIX 7 point something?

The PIX is not the right device for scanning for unexpected protocols on ports; an ASA is more appropriate (relatively speaking).

But if someone is "downloading the universe" or streaming music via http, then that is NOT a "rogue application". The PIX cannot tell the difference between someone watching a webcast of the company president, and someone watching a music video via the same protocol.

If you have allowed people to connect to sites unknown to you, then the assumption you have made is that they might have a valid work-related reason for making that connection. At that point, whether a particular connection is "rogue" or not is a matter of intent, which is something very difficult for computers to analyze.

Two people on adjacent systems might be transferring the same information, and for one of them it might be "abuse" and for the other one it might be part of the job. For example, our specialist in image analysis might have work reasons to download images from NASA, but the next office over has a different specialty and downloading the same images from NASA would be "use of company resources for personal reasons".

Before you can get -any- firewall to block or detect "rogue" applications, you must be able to automate decisions about the legitimacy of any particular connection -- and if you could invent a suitable mechanical decision process, chances are that not too long afterwards, someone will write a new music or warez protocol that works within the limits. People are doing music over DNS...

Walter Roberson
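
Added example, not part of either post above: a sketch of what the firewall's own syslog can answer, which is byte volume per inside host and remote port, not what the traffic was for. It assumes informational-level logging with 302014 TCP teardown messages and interfaces named `inside` and `outside`; the log lines and addresses are constructed samples, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of the 302014 (TCP teardown) message.
SAMPLE_LOG = """\
Mar 01 10:00:05 fw %PIX-6-302014: Teardown TCP connection 101 for outside:192.0.2.10/80 to inside:10.1.1.5/1034 duration 0:10:00 bytes 734003200 TCP FINs
Mar 01 10:00:09 fw %PIX-6-302014: Teardown TCP connection 102 for outside:192.0.2.10/80 to inside:10.1.1.6/1040 duration 0:00:04 bytes 20480 TCP FINs
Mar 01 10:02:11 fw %PIX-6-302014: Teardown TCP connection 103 for outside:198.51.100.7/443 to inside:10.1.1.5/1050 duration 0:01:00 bytes 1048576 TCP FINs
Mar 01 10:03:00 fw %PIX-6-302013: Built outbound TCP connection 104 for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.1.1.6/1041 (203.0.113.2/1041)
Mar 01 10:05:30 fw %PIX-6-302014: Teardown TCP connection 104 for outside:192.0.2.10/80 to inside:10.1.1.6/1041 duration 0:02:30 bytes 5242880 TCP FINs
"""

# Assumption: interfaces are named "outside" and "inside" in the firewall config.
TEARDOWN = re.compile(
    r"%(?:PIX|ASA)-6-302014: Teardown TCP connection \d+ "
    r"for outside:(?P<remote>[\d.]+)/(?P<rport>\d+) "
    r"to inside:(?P<host>[\d.]+)/\d+ "
    r"duration \S+ bytes (?P<bytes>\d+)"
)


def usage_by_host_and_port(log_text):
    """Sum transferred bytes per (inside host, remote port) from teardown lines."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        m = TEARDOWN.search(line)
        if m:  # non-teardown messages (e.g. 302013 "Built") carry no byte count
            totals[(m["host"], int(m["rport"]))] += int(m["bytes"])
    return dict(totals)


def top_talkers(log_text, threshold_bytes):
    """Return (host, remote_port, bytes) rows at or above the threshold, largest first."""
    rows = [
        (host, port, n)
        for (host, port), n in usage_by_host_and_port(log_text).items()
        if n >= threshold_bytes
    ]
    return sorted(rows, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for host, port, n in top_talkers(SAMPLE_LOG, 1_000_000):
        print(f"{host:<12} remote port {port:<5} {n / 1_048_576:8.1f} MiB")
```

The two port-80 rows are indistinguishable to the firewall by purpose; the totals only identify which hosts to ask about.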
