how to block apps??

Discussion in 'Networking' started by nf24eg, Jan 22, 2015.

Thread Status:
Not open for further replies.
  1. nf24eg

    nf24eg Thread Starter

    Joined:
    Feb 15, 2007
    Messages:
    103
    Hello there, we are trying a program called "Kerio Control" in our systems as a firewall, but we face a problem and hope you can help us solve it.
    The network is Wi-Fi; users are not allowed to download, upload mobile apps or stream videos or use the Play Store or Apple store, etc. They are just allowed to check emails and surf the internet.
    We blocked so many IPs but that doesn't work; we blocked ports, but that doesn't work either.
    Any suggestions?
     
  2. Dave128

    Dave128

    Joined:
    Jan 22, 2015
    Messages:
    1
    You'll need to allow the apps you want rather than block everything else.
     
  3. nf24eg

    nf24eg Thread Starter

    Joined:
    Feb 15, 2007
    Messages:
    103
    If you allow any, that means you allow all, because the apps use the HTTPS protocol, the same as websites!!
     
  4. KomputerKid

    KomputerKid

    Joined:
    Dec 25, 2014
    Messages:
    1,081
    What you probably need to do is to block file types like .exe or .zip. Another thing you could do is set them up as guest accounts with limited privileges.

    Is this for a business, school, apartment etc? Different situations may have different answers.
     
  5. nf24eg

    nf24eg Thread Starter

    Joined:
    Feb 15, 2007
    Messages:
    103
    I tried to block extensions like zip, rar, apk, exe, but noticed that apps can still update and videos still stream; moreover, there are rooted devices that can easily connect to anything.
    More ideas?!
    It's a school.
     
  6. KomputerKid

    KomputerKid

    Joined:
    Dec 25, 2014
    Messages:
    1,081
    Can you answer my question? I see they have a trial version. I'm going to download it and see if I can figure it out.
     
  7. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Simple Software-Restriction Policy is a little program with a lot of power. Free, easy to use, can block the ability to run or install software from any places you choose, including removable media, etc. It may not be what you are looking for to block Internet content, but for software and security, it could be interesting. The program is password protected.
     
  8. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,273
    If you want to do what you're asking at the network level, you need a next gen firewall with the ability to do deep packet inspection. Stateful packet inspection was the old state of the art for firewall protection. It's no longer adequate because it doesn't deal with changes in how ports are being used. For instance, if you allow a benign port like SSH through your firewall (TCP port 22), someone could just use that port for streaming video for instance. Just because port 22, 80, 443, etc., are known for what you're supposed to send network traffic wise, doesn't mean you have to follow convention. A DPI firewall guards against this. With a SPI firewall, it examines the source/destination addresses and port(s). With a DPI firewall, the firewall actually looks at the payload of the packet being sent. If it sees anything that isn't what is supposed to be sent over a known port, the firewall will block it. Also, you can set rules to block P2P/streaming traffic for instance. The firewall will recognize the characteristics of this type of traffic and will block it regardless of from where and to where it goes, as long as the network traffic traverses through the firewall.

    This type of next gen firewall requires more state of the art processing power as it is doing more than past generation SPI firewalls.
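
The port-versus-payload distinction described in the post above, as an added example that is not part of the original thread and is not how Kerio, SonicWall or any other product is implemented: a small classifier that names the protocol from the first payload bytes, rejects a flow whose payload does not match its port, and applies a hostname policy to the SNI in a TLS ClientHello. The blocked suffixes, function names and the sample ClientHello are constructed for illustration.

```python
import struct

EXPECTED = {22: "ssh", 80: "http", 443: "tls"}   # what a port-only (SPI) rule assumes
SIGNATURES = (("ssh", (b"SSH-",)), ("http", (b"GET ", b"POST ", b"HEAD ")), ("tls", (b"\x16\x03",)))
BLOCKED = ("video.example", "appstore.example")  # constructed policy, hypothetical names

def classify(payload):
    """Name the protocol from the first payload bytes, ignoring the port."""
    return next((n for n, sigs in SIGNATURES if payload.startswith(sigs)), "unknown")

def sni_from_client_hello(data):
    """Return the SNI hostname from a TLS ClientHello record, or None."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:         # handshake record, ClientHello
            return None
        p = 5 + 4 + 2 + 32                             # record hdr, handshake hdr, version, random
        p += 1 + data[p]                               # session id
        p += 2 + struct.unpack_from("!H", data, p)[0]  # cipher suites
        p += 1 + data[p]                               # compression methods
        end = p + 2 + struct.unpack_from("!H", data, p)[0]
        p += 2
        while p + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", data, p)
            if ext_type == 0:                          # server_name extension
                name_len = struct.unpack_from("!H", data, p + 7)[0]
                return data[p + 9:p + 9 + name_len].decode("ascii")
            p += 4 + ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                           # truncated or malformed hello
    return None

def verdict(dst_port, payload, blocked=BLOCKED):
    """Block on port/payload mismatch (unknown ports included), then on SNI policy."""
    proto = classify(payload)
    if EXPECTED.get(dst_port) != proto:
        return "block: %s payload on port %d" % (proto, dst_port)
    host = sni_from_client_hello(payload) or ""
    if any(host == s or host.endswith("." + s) for s in blocked):
        return "block: SNI " + host
    return "allow"

def build_client_hello(host):
    """Constructed sample input: a minimal ClientHello carrying only an SNI extension."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

This looks only at the first segment of a flow and relies on the SNI being sent in cleartext; a production DPI engine reassembles streams and uses far richer signatures.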
     
  9. nf24eg

    nf24eg Thread Starter

    Joined:
    Feb 15, 2007
    Messages:
    103
    It's a school.
     
  10. nf24eg

    nf24eg Thread Starter

    Joined:
    Feb 15, 2007
    Messages:
    103
    @zx10guy, could you give me examples of the firewall generations which can do this job? As I said, we are still trying this firewall, "Kerio Control". If you have names of these new-generation firewalls, kindly share them with me.
    Thank you.
     
  11. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,273
    All of SonicWall's firewalls are next gen with DPI capabilities along with UTM (unified threat management). This means these firewalls are capable of doing gateway anti-virus, email scanning, and content filtering. Also the SonicWall firewalls have intrusion detection/prevention features. The model of firewall you select is based on the throughput you want on the firewall with various features running. The more features you have running, the more intensive the load is on the firewall. Also, the number of users/sessions is a consideration.

    Cisco has their new line of ASA-X firewalls.
     
  12. nf24eg

    nf24eg Thread Starter

    Joined:
    Feb 15, 2007
    Messages:
    103
    I can see you talk about hardware while I talk about a software firewall. Isn't there an available software firewall that can do this?
     
  13. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,273
    I looked at the website for Kerio. It's a bit hard to pull out system specs and I'm still unable to figure out what the operating limitations are for their software appliance. They have specs for their hardware appliance such as how many concurrent users and so on. But if I am to believe them, the software appliance appears to be a DPI next gen firewall. It also has the other features I mentioned which are content filtering, IPS/IDS, etc.

    With that said, what issues are you running into with the Kerio solution?

    The reason why I bring up a hardware solution is because the processors used are typically optimized to process the network traffic faster than off the shelf hardware. Hardware solutions also will typically be more reliable as there are less "moving" parts such as no hard drive or larger power supply to fail. And with mission critical applications, there are hardware firewalls with redundancy features such as hot swappable power supplies.

    Here's also something to look at. Checkpoint along with SonicWall have links to the latest NSS Labs report measuring max throughput with everything turned on within the firewall. The results are pretty telling. In the case of SonicWall, within the same generation of firewall, the software is basically the same. The only thing different is beefier hardware in units which scale to larger number users, sessions, etc. Just something to think about.

    https://www.checkpoint.com/campaigns/nss-fw-ngfw-ips-tests/index.html
     
  14. nf24eg

    nf24eg Thread Starter

    Joined:
    Feb 15, 2007
    Messages:
    103
    Thank you so much, zx10guy. I like your solutions about the hardware firewall, but it's out of my hands, so all I have is a software firewall.
     
Short URL to this thread: https://techguy.org/1141686