March Madness for IT

The official 2009 NCAA basketball tournament bracket is out and office, friends, and family pools are forming all over the nation. End users everywhere are scoping out what apps and sites they can use to facilitate their need/desire to watch live streaming tourney games at work. The NCAA is again streaming every single tourney game live, and even has a High Quality ("HQ") option this year that consumes even MORE bandwidth. They even have a March Madness on Demand (MMOD) iphone app that allows for live streaming games directly to the iPhone.

Both the normal and HQ streaming options make use of Silverlight and asf streaming - which is a new technique for the 2009 tourney.

Most enterprises are familiar with this time of year and the tourney's impact on their networks. Many organizations will again implement URL filtering policies limiting or banning http://mmod.ncaa.com - which will block traffic to the March Madness on Demand streaming site. The problem that organizations face this year is that users are more savvy than ever, and options to circumvent simple URL filtering policies are legion.

Assuming a simple URL filtering policy to block the http://mmod.ncaa.com URL, users can still watch NCAA tournament games at work using a number of applications that easily bypass enterprise controls:

  • Public proxies (e.g., Hopster, Kproxy)
  • Private proxies (e.g., CGIproxy set up on a broadband connection at home)
  • Tunneling or circumvention applications (e.g., UltraSurf, TOR)
  • Slingbox (connected to the television at home)

If enterprises really do want to get control of this potentially damaging use of bandwidth, in addition to a simple URL filtering block, they should also look at getting control over Silverlight, proxies (both public and private), circumvention applications, and Slingbox traffic. The problem is that enterprises can't do this with traditional security infrastructure.

Palo Alto Networks, with its innovative App-ID technology, can see and control all of the above-mentioned applications and techniques for getting around URL filtering - including proxies, circumvention applications, Slingbox, and Silverlight - by user and or group. Palo Alto Networks next-generation firewalls also provide URL filtering, integrated into the same application- and user-based policies.