[Oisf-users] Application awareness

Cooper F. Nelson cnelson at ucsd.edu
Wed Jul 20 14:25:18 UTC 2016


On 7/19/2016 11:38 PM, Vishal Kotalwar wrote:
> Thanks Andreas for the reply, appreciate it.
> 
> What I can tell you is how I may use this feature (probable use cases)
> if implemented.
> 
> 1) Control or blocking of traffic: Example - I may want to allow
> Facebook.com but block the games (say Farmville) or facebook chat

You can do this with Squid for free, provided the content is restricted
to a unique domain (i.e. chat.facebook.com).  The issue is that
everything is over SSL now which makes it hard to block specific
services in some cases.

If you really want to, you can configure Squid to MITM SSL sessions, so
you can further restrict access by URI.

> 2) Statistics: I may want to know how many people are using Chrome
> browser in my network, more detailed could be chrome from desktop/laptop
> and mobile; next level could be which OS on those devices (e.g. windows,
> linux, mac, Blackberry, android, ios etc)

This is easy with Squid + the free analysis tool, Calamaris.

> 3) Rate limit: I may want to rate limit video/audio streaming
> applications on my network to free up bandwidth

Also available in Squid:

http://wiki.squid-cache.org/Features/DelayPools

Basically, you are asking for a proxy-firewall, while Suricata is an IDP
solution.  Btw, I've done deployments where I've done both on the same
system.  I just configure Suricata to listen inline on the inside
interface of the Squid proxy and drop Layer-7 packets that match
signatures.

-- 
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042
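
The domain-based block (use case 1) and the delay-pool rate limit (use case 3) from the reply above, written out as a squid.conf fragment. This is an added example, not part of the original post; `chat.facebook.com` is the domain named in the post, while `.video.example` and the ACL names are constructed placeholders.

```conf
# Added example (not from the original post). Fragment for squid.conf.

# Use case 1: block one service by its domain.
# For HTTPS without interception, Squid sees only the CONNECT host name,
# so this works only when the service lives on its own domain.
acl blocked_service dstdomain chat.facebook.com
# Must appear before the http_access rule that allows your clients.
http_access deny blocked_service

# Use case 3: rate limit a streaming service with a delay pool.
# .video.example is a constructed placeholder domain (leading dot = subdomains too).
acl streaming dstdomain .video.example
# One pool, class 1: a single aggregate bucket shared by all clients.
delay_pools 1
delay_class 1 1
# restore/max: refill at 125000 bytes/s (about 1 Mbit/s), bucket size 125000 bytes.
delay_parameters 1 125000/125000
# Only matching requests go through the pool; everything else is not delayed.
delay_access 1 allow streaming
delay_access 1 deny all
```

Squid applies `http_access` rules in order and stops at the first match, so the deny line has to sit above any broader allow.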
