RE: ISA Question - Blocking Audio Streaming

Dear Luiz:
Thanks for posting here. Nice to see you again! :)

Here I would like to provide two suggestions in regard to blocking
audio/video streaming in ISA 2000 and ISA 2004.

==Suggestion 1===
In ISA 2000 scenario:

Using the customized ''content groups'' and create ''sites and contents
rules'' to deny particular content group can help us to block the audio,
video and executive files come with the HTTP protocol. Please refer to the
following steps:

1. Open ''ISA Management'', navigate to ''Access Policy''. Right-click
''Site and Content Rules''-->''New''-->''Rule''.

2. Type a rule name such as ''Deny rule'', click ''Next''.

3. Select ''Deny'' and then click ''Next''. Select ''Custom''. Click
''Next''-->''Next''-->''Next''-->''Next''-->When you configure content
groups, select ''Only the following content types'' and then select
''Audio'', ''Video'' and click ''Next''. Click ''Finish'' to finish the
configuration.

6. Navigate to ''Monitoring''\''Services''. In the right panel, restart the
web proxy service.
For more information:
http://www.isaserver.org/tutorials/Understanding_and_Configuring_ISA_content
_groups.html

http://www.isaserver.org/tutorials/Using_ISA_Content_Groups_to_Restrict_the_
Use_of_Non_Business_Related_Traffic.html

However, sometimes the video and audio streams are transferred by using
some multiple media stream protocols such as MMS, PNM or RTSP. To block
these kinds of media streams, we need to use protocol rules. I would like
to suggest you refer to the following steps:

1. Open ''ISA Management''; navigate to ''Access Policy''\''Protocol
Rules''\

2. In the right panel, double-click the rule. Click ''Protocol'' tab.

3. If the rule is applying to all protocols, please select ''All IP traffic
except selected'' and then choose the following protocols:
MMS-Windows Media
MMS-Windows Media Server
PNM-Realnetworks protocol (Client)
PNM-Realnetworks protocol (Server)
RTSP
RTSP Server

4. Select other protocols that you want to block.

5. Click ''OK'' to close the dialog box.

6. Navigate to ''Monitoring''\''Services''\, in the right panel, restart
the ISA services.

For more information:
http://www.isaserver.org/tutorials/Making_streaming_media_available_to_inter
nal_ISA_clients.html


==Suggestion 2===
In ISA 2004 scenario:
The configuration in ISA 2000 is similar to ISA 2004, even more convenient.
We only need to modify one of the access rules.

Open ISA 2004 Management Console, navigate to Servername\Firewall Policy,
on the right pane, double click the "SBS Internet Access Rule".

Note: This rule is created once we run the CEICW Wizard, if you have
modified the ISA access rules before, please choose the rule you created
for outbound internet access.

a. Go to the Protocols tab, change the option This rule applies to from
"All outbound traffic" to "All outbound traffic except selected", and then
add the following protocols which are defined for Audio/Video to the list.
MMS\MMS Server\PNM\PNM Server\RTSP\RTSP Server

b. Go to the Content Types tab, click "Selected content types", check all
the options except the Audio/Video checkbox and click OK.

c. Apply the configuration.

In addition, if you don't want to modify the existing rules, you can also
create a new DENY access rule which blocks the Audio/Video content and the
above listed protocols. Please also ensure that this DENY rule is listed
before other ALLOW access rules, which can make sure this rule is enforced
before other "allow" rules permit access to the Internet service that you
want to restrict.


At last, we recommend that all the clients be configured as both Web Proxy
client and Firewall client.

I hope the above information helps.
If there is anything I can do for you, please feel free to let me know.

Have a nice day! :)

Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: ISA Question - Blocking Audio Streaming
| thread-index: AcWya5gx0oZQyFR+T1aduEC+sA87vQ==
| X-WBNR-Posting-Host: 200.203.203.10
| From: "=?Utf-8?B?THVpeg==?=" <Luiz@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: ISA Question - Blocking Audio Streaming
| Date: Mon, 5 Sep 2005 15:46:03 -0700
| Lines: 7
| Message-ID: <FAE4FAC1-64ED-47BC-9AD1-AA90CECB1314@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:150949
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi,
|
| How can I block audio/video stream in ISA 2000 and 2004?
|
| Thank you.
|
| Luiz
|

.

Relevant Pages

  • Re: ISA 2004-blocking streaming
    ... > The configuration in ISA 2004 is similar to the one in ISA 2000, ... we only need to modify one of the access rules: ... Go to the Protocols tab, change the option This rule applies to from "All ... > the following protocols which are defined for Audio/Video to the list. ...
    (microsoft.public.windows.server.sbs)
  • RE: ISA Question - Blocking Audio Streaming
    ... > audio/video streaming in ISA 2000 and ISA 2004. ... If the rule is applying to all protocols, ... > We only need to modify one of the access rules. ... > Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA SP3 lockdown?
    ... AV server - this will require a single rule allowing whatever protocol ... "Browsing Network neighborhood using Windows Explorer" uses the Windows ... I can appreciate the need to multi-purpose the ISA, ... set up rules for its protocols so the ISA can be protected and updated. ...
    (microsoft.public.isa)
  • Re: Prioritize HTTPS traffic?
    ... ISA 2000 to ISA 2004. ... protocols will not be possible in this environment? ... > ISA to increase priority of the HTTPS traffic. ... > protocols can have the highly priority when the Effective Bandwidth is ...
    (microsoft.public.windows.server.sbs)
  • RE: Blocking Audio and Video Streaming in ISA 2004
    ... Open ISA 2004 Management Console, navigate to Servername\Firewall Policy, ... before other ALLOW access rules, which can make sure this rule is enforced ... Making streaming media available to internal ISA clients ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
Loading