Disable LAN gaming

Discussion in 'Hardware' started by Samerron, May 11, 2009.

  1. Samerron

    Samerron Private E-2

    A simple question. A LAN Ethernet network is available at work but is being used for LAN gaming. It is important to stop the gaming. Is there a way?

    I was thinking that gaming might use certain ports on the network and that I can discover these ports and disable them using the firewall.

    Guys, I really need help in this or just suggestions or advice in which I can research more.
     
  2. burner1

    burner1 Private E-2

    Are you the system admin, mate? And is it just LAN gaming or WAN as well?
    Difficult to isolate port use as differing apps/games use different ones, but if you're admin, most companies will take any memos from admin regarding this sort of thing as 'serious' and issue a general warning to all employees.
     
  3. Samerron

    Samerron Private E-2

    Yes, I am admin. Actually speaking on behalf of an admin. It's true that it is a serious issue and needs to be dealt with by management, but I want to make sure it is also done technically.

    I was checking port lists and found that gaming has a very wide range of ports, since I was thinking of blocking a certain range. A possible way could be by monitoring the network and checking the large data transfers and knowing which application(s) use these ports and then disabling them.

    Another thing, is there a list or default configuration which a network firewall could have, which actually blocks unneeded ports?
     
  4. KingSteve

    KingSteve MajorGeek

    How are your users installing these games? Users shouldn't have rights to install stuff that isn't OKed by the admin. It might be a little extra work, but once you get it all set up you'll be fine. Enforce that in a policy, not only Group Policy for denying install rights, but in your acceptable computer usage policies that NEED to be backed by management. If they break the policy, they lose computer privileges. If losing computer access altogether isn't possible, then they will be on an account with the least privileges. Access only to websites that have to do with school/work.

    And yes, your edge firewall should be blocking all ports and you open ports that are needed. That's best practice for any environment. But your edge firewall isn't going to help you if these are LAN-only games that don't need internet access.
     
  5. Samerron

    Samerron Private E-2

    But even if installation rights are not permitted, the user can still play the game from a USB. I know this because we used to do it in university.

    So, basically what is the best way to eliminate LAN gaming?
     
  6. PEBKAC

    PEBKAC Private First Class

    Outside of policies at the workstation level, it sounds like you're looking for a firewall that does deep packet inspection to tell what the traffic is and then makes a determination as to what to pass and what to block. (Add money here) However, as KingSteve mentioned, if the gaming traffic is occurring on the internal network, the firewall at the internet gateway isn't going to do you much good. KingSteve is also right in stating that good firewall practices include egress filtering. If we are talking strictly about games (or any other applications) accessing the internet, have you considered egress filtering everything at the firewall and then setting up an authenticated proxy server? You could configure the proxy to only forward traffic on ports 80 (http) and 443 (https). For the internal network, it sounds like you're looking for an IPS which could be configured to block traffic that matches patterns recognized as gaming traffic. (Add more money here)

    Reference:
    http://en.wikipedia.org/wiki/Deep_packet_inspection
    http://en.wikipedia.org/wiki/Intrusion-prevention_system
     
  7. KingSteve

    KingSteve MajorGeek

    Problem with that though is those are all edge/gateway firewalls. You don't really even need packet inspection or IPS to block ports used by those games for external access. That's not going to help internally unless traffic is being sent through the firewall. If you want to spend money, you can get firewalls that "isolate" your subnets, but that's not even going to help since it would sit on your backbone. PCs to switch to internal firewall - to core or distribution switch. Gaming is done from PC to switch and wouldn't even touch your firewall. You can configure client firewalls on individual PCs if you wanted to.
    You obviously know the gaming is going on, but how are you finding it out? I'd strongly suggest enforcing an acceptable use policy that prohibits gaming on domain computers if you can keep them monitored. That way, there won't be any question as to whether or not it's "ok" to play those games. As I said, it is critical that it is fully backed by management or no one will pay attention. Enforce "if you do this, then you'll lose this."
     
    Last edited: May 12, 2009
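
An added example, not part of any post in this thread: the monitoring idea from post 3 combined with the point in post 7 that workstation-to-workstation traffic never reaches the edge firewall. It totals bytes per service port for flows that stay inside the workstation subnet and skips an allowlist; the subnet, the allowlist, the port numbers and the flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing plan and allowlist; none of these values come from the thread.
WORKSTATIONS = ipaddress.ip_network("10.0.20.0/24")
BROADCASTS = {WORKSTATIONS.broadcast_address, ipaddress.ip_address("255.255.255.255")}
ALLOWED_PEER_PORTS = {("udp", 5353)}  # services permitted desktop-to-desktop

# Constructed flow records (src, dst, proto, service_port, bytes), in the shape
# a switch mirror port or flow collector export could be reduced to.
SAMPLE_FLOWS = [
    ("10.0.20.11", "10.0.10.5", "tcp", 445, 9_000_000),    # workstation -> file server
    ("10.0.20.12", "10.0.20.11", "udp", 40000, 4_200_000),  # workstation -> workstation
    ("10.0.20.13", "10.0.20.11", "udp", 40000, 3_900_000),
    ("10.0.20.14", "10.0.20.255", "udp", 40000, 12_000),    # subnet broadcast
    ("10.0.20.15", "10.0.20.16", "udp", 5353, 800),         # allowlisted service
    ("10.0.20.17", "203.0.113.9", "tcp", 443, 2_000_000),   # internet, edge firewall sees it
    ("10.0.20.12", "10.0.20.13", "tcp", 3389, 300_000),     # peer traffic, low volume
]

def peer_port_report(flows, min_bytes=1_000_000):
    """Return [((proto, port), total_bytes, hosts)] for intra-workstation traffic,
    largest first, skipping allowlisted ports and totals below min_bytes."""
    totals = defaultdict(lambda: {"bytes": 0, "hosts": set()})
    for src, dst, proto, port, nbytes in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Only flows that start at a workstation and stay on the workstation LAN.
        peer = s in WORKSTATIONS and (d in WORKSTATIONS or d in BROADCASTS)
        if not peer or (proto, port) in ALLOWED_PEER_PORTS:
            continue
        entry = totals[(proto, port)]
        entry["bytes"] += nbytes
        entry["hosts"] |= {str(a) for a in (s, d) if a not in BROADCASTS}
    report = [(key, e["bytes"], sorted(e["hosts"]))
              for key, e in totals.items() if e["bytes"] >= min_bytes]
    return sorted(report, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for (proto, port), nbytes, hosts in peer_port_report(SAMPLE_FLOWS):
        print(f"{proto}/{port}: {nbytes} bytes between {', '.join(hosts)}")
```

The ports and hosts it reports are candidates for the per-PC client firewall rules and the acceptable use policy follow-up suggested in the thread.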
  8. Samerron

    Samerron Private E-2

    Thank you PEBKAC and KingSteve for your resourceful replies. I will read more and check the best option. I will let you know which procedure I will follow.

    Cheers
     
