July 20, 2012 BANDWIDTH

To Blacklist or Not, That is the Question

I was recently asked this question: which are the top apps for network admins to blacklist from enterprise networks?

Quite frankly, I think it’s wrong to look for the “top apps”. Organizations are going in that direction because they’re thinking in terms of application recognition, but in reality it’s far more efficient to review this issue from a “type of data” standpoint.

First of all, our statistics on 5,000 installed Network Box devices (on a global scale) show that 90% of Internet traffic is HTTP/HTTPS. Spending too much time blocking anything else will gain you very little; yes, it might be useful in terms of security, but no, not really in terms of bandwidth.

Of course, a good proxy will recognize if the traffic flowing on ports 80 and 443 is indeed HTTP/HTTPS or not; and any other port should be closed or well controlled (specify the source and destination wherever possible).
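The check described above, sketched as an added example (not Network Box code): decide from the first bytes a client sends whether a connection on port 80 or 443 really carries HTTP or a TLS handshake. The function names and sample payloads are hypothetical, and blocking every other port outright is a simplification of "closed or well controlled".

```python
import re

# Request line of HTTP/1.x, plus the fixed HTTP/2 cleartext connection preface.
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH|CONNECT|TRACE) \S+ HTTP/1\.[01]\r\n"
)
HTTP2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"


def classify_first_bytes(data: bytes) -> str:
    """Return 'http', 'tls' or 'other' for the first client payload."""
    if HTTP_REQUEST_LINE.match(data) or data.startswith(HTTP2_PREFACE):
        return "http"
    # TLS record header: content type 0x16 (handshake), version 0x03 0x00-0x04,
    # two-byte record length; the first handshake message is ClientHello (0x01).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        record_len = int.from_bytes(data[3:5], "big")
        if 0 < record_len <= 16384 and data[5] == 0x01:
            return "tls"
    return "other"


def port_policy(port: int, data: bytes) -> str:
    """Allow only the protocol expected on the port; block everything else."""
    expected = {80: "http", 443: "tls"}.get(port)
    if expected is None:
        return "block"  # assumption: any other port is closed by default
    return "allow" if classify_first_bytes(data) == expected else "block"


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "http_get": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "tls_hello": bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01]) + bytes(0x2F - 1),
    "ssh_banner": b"SSH-2.0-OpenSSH_8.9\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        for port in (80, 443):
            print(f"{name:10s} port {port}: {port_policy(port, payload)}")
```
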

Continuing with our statistics, we see that of this web traffic, YouTube.com, Facebook.com and Twitter.com combined chew up no less than 80% of bandwidth, when allowed.

One aspect many fail to consider is the impact of Microsoft updates. The larger your organization, the more fundamental it is to use an update server: you simply cannot allow 1000 computers to download 100MB of updates every month; it will kill your bandwidth! An update server allows you to download the updates only once, and then distribute them internally as appropriate. Microsoft updates from the Internet, without a local update server, usually account for another big chunk of Internet usage.

Streaming is bandwidth intensive as well, and should be blocked and well controlled.  If you block Streaming and your web filtering database is half decent, you’d already have blocked Netflix, Hulu, Blockbuster and the like.

Do you allow Facebook per se but block the apps and games? Do you want to allow Skype?

Once all this is done, you can begin worrying about the “Apps”.

Do you block YouTube but still allow a few selected channels? (Do note, though, that if you do this, you’ll still need to allow ytimg.com, which is where YouTube maintains the images.)

The question here is, do you really want to “make a list”?

I personally believe that if it’s not business related, it should be blocked.  However, if your company policy is such that you cannot block them, then perhaps a review of the policy as well as a lengthy chat with HR are called for. Recreational use of the Internet at work is irrefutably costly (for the company) but only a good HR policy can determine how much of it to allow and when.

So, which apps do YOU think should be blocked from the workplace?

