If you know the IP adresses of the sites that your internal users are trying to access. Then you can block that addresses with an access list. That can be done running the "nslookup" in the cmd
of the PC.
For example: "nslookup yahoo.com" will give you the IP addresses of yahoo. Then you can
block the access to that addresses setting the following ACL's:
access-list deny ip any host 161.108.212.27
access-list deny ip any host 66.218.71.198
..etc
If you know the ports that the applications are using you can block them. That can be done applying the ACL's but specifying the destination ports you want to block. For example, If you want to block some well known ports for streaming (see the list below) you just have to do the
following:
access-list deny tcp any any eq 554
access-list deny udp any any eq 554
etc...
*********************************************
List of steraming well known ports:
UDP 2979 H.263 Video Streaming
UDP 1790 Narrative Media Streaming Protocol
UDP 1755 ms-streaming
UDP 1736 street-stream
UDP 554 Real Time Stream Control Protocol
UDP 537 Networked Media Streaming Protocol
TCP 2979 H.263 Video Streaming
TCP 1790 Narrative Media Streaming Protocol
TCP 1755 Microsoft Streaming Server
TCP 1736 street-stream
TCP 554 Real Time Stream Control Protocol
TCP 537 Networked Media Streaming Protocol