User guide

188 CHAPTER 8: PRIORITIZING NETWORK TRAFFIC
Potential Hazards of Blocking Application Traffic
Blocking traffic belonging to applications is a powerful feature for preventing the use of undesired applications on your network. However, if the wrong application definitions are used to block an application, this can cause severe problems on your network.

There are two reasons why blocking a particular application definition may cause problems on your network:
1. The application definition may not be narrow enough to prevent accidental classification of other application traffic. For example, if an application runs over TCP/IP, then specifying a classifier rule of ‘IP protocol 6’ (the protocol number of TCP) in the application definition would not be narrow enough for blocking, as this would also block all other TCP/IP traffic.

When blocking an application it is important that the definition is as specific as it can be about how to identify traffic belonging to that application. In the example above, it would be better to specify the classifier rule ‘TCP port 123’, assuming that the application uses TCP port 123, as this rule matches, and so blocks, only TCP/IP traffic using port 123 rather than all TCP/IP traffic.
2. The application definition, while still being narrow, may include rules that will incorrectly classify other applications as belonging to the application you wish to block. For example, if the definition for an application ‘A’ that you wish to block specifies the classifiers ‘TCP port 123’ and ‘TCP port 456’, and there is another application ‘B’ running in your network that uses TCP port 456, then blocking application A would also block application B.

For many applications, it is enough to block only some of the traffic that the application generates in order to prevent it from running successfully on the network. Removing the classifiers that overlap with other applications may mean that you are still able to block the application. In the example above, it may be enough to block only TCP port 123 in order to prevent application A from running on your network, and this would still allow application B to function correctly.
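The following Python sketch is an added illustration, not part of the 3Com guide or its software: it models an application definition as a list of classifier rules and checks, against constructed sample flows, which other applications a block would catch, so that the three definitions discussed above (‘IP protocol 6’, ‘TCP port 123’ plus ‘TCP port 456’, and ‘TCP port 123’ alone) can be compared before any block is applied. The Flow fields, the rule helpers and the traffic are assumptions made for the example.

```python
# Added example (not from the 3Com guide): model application definitions
# as lists of classifier rules and measure how much collateral traffic a
# block would catch. Flow fields and sample traffic are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    app: str     # constructed label: which application really sent it
    proto: int   # IP protocol number: 6 = TCP, 17 = UDP
    dport: int   # destination port


def ip_protocol(number):
    """Classifier 'IP protocol N': matches every flow using that protocol."""
    return lambda f: f.proto == number


def tcp_port(port):
    """Classifier 'TCP port N': matches only TCP flows to that port."""
    return lambda f: f.proto == 6 and f.dport == port


def blocked_apps(definition, traffic):
    """Applications with at least one flow matched by any rule in the
    definition; blocking the definition would block these applications."""
    return {f.app for f in traffic if any(rule(f) for rule in definition)}


def collateral(definition, target, traffic):
    """Applications other than the target that the definition also blocks.
    An empty set means the definition is narrow enough to block safely."""
    return blocked_apps(definition, traffic) - {target}


# Constructed sample traffic: application A on TCP 123 and 456,
# application B on TCP 456, plus unrelated web and DNS flows.
TRAFFIC = [
    Flow("A", 6, 123), Flow("A", 6, 456),
    Flow("B", 6, 456),
    Flow("web", 6, 80),
    Flow("dns", 17, 53),
]

TOO_BROAD = [ip_protocol(6)]                  # 'IP protocol 6': all TCP
OVERLAPPING = [tcp_port(123), tcp_port(456)]  # port 456 overlaps with B
NARROW = [tcp_port(123)]                      # blocks A, leaves B alone

if __name__ == "__main__":
    for name, d in (("IP protocol 6", TOO_BROAD), ("TCP 123+456", OVERLAPPING),
                    ("TCP 123", NARROW)):
        print(f"{name:15} blocks {sorted(blocked_apps(d, TRAFFIC))}, "
              f"collateral {sorted(collateral(d, 'A', TRAFFIC))}")
```

Running the script lists, for each definition, every application it would block and which of those are collateral; only the narrowed definition blocks A alone.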
3Com Network Administrator for HP OpenView.book Page 188 Wednesday, November 12, 2003 2:33 PM