I have just installed ISA on our internal network in the integrated mode, but we don't use the firewall part. We also have a cache proxy server, which sits in our DMZ. ISA is configured to send all requests to that cache proxy server. I want to stop users from listening to the radio on the Internet, i.e., to stop streaming. How can I do that? I have already tried stopping it in the protocol filters by disabling the RTSP, but it doesn't work. Thanks in advance for the help.
You can never completely stop knowledgeable and persistent employees from misusing your network, but you can do several things to reduce it. Disabling streaming services at the proxy server is a good first step. As you've discovered, that won't solve your problems. One of the most effective methods is an administrative control, not a technical control. Publish a policy to all employees regarding acceptable computer use, and have everyone sign it. Train your employees about the cost of bandwidth and what the company pays when they stream music from the Internet. Let your employees know that you monitor Web access, and have HR publish policies for dealing with employees who violate the terms of your acceptable computer use agreement.
The reason implementing technical controls is so difficult is that streaming protocols such as Real Server, QuickTime and MS Media Services include the ability to tunnel themselves through HTTP. Basically, they make streaming services look like any other Web request. Besides just streaming protocols, users can use tunneling software to allow hide any sort of Web usage. Trying to control users at the firewall is a losing battle.
If your company has a computer use policy that allows for it, you could monitor users' Web requests and block all requests to sites that do streaming. You could also take the war to the desktop, by enforcing strict policies that don't allow employees to run non-approved software. If you have technically skilled employees, however, there is no way to completely control their Internet use. Good luck.
Dig Deeper on Windows client management
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.