HOw would I go about stopping poeple on the network from using an instant chat? AIM, MSN, Yahoo ...
Should I block the "normal" ports they use? will that keep the avg person from using it?
any other options?
Printable View
HOw would I go about stopping poeple on the network from using an instant chat? AIM, MSN, Yahoo ...
Should I block the "normal" ports they use? will that keep the avg person from using it?
any other options?
1st, do you have a policy in place that can be enforced?
You can block the ports but this can break browsing depending on the port used.
Some newer firewalls are application aware and can ID messenger traffic and block it but
I have only seen a few with this support.
Yes, we have a active policy in place.
We use the PIX firewall. I was thought it might break browsing cause dont most chats use typical port 80? or 443?
We are currently dealing with this problem too. Blocking the common port will provide some help, however some of the more popular IM clients will allow for the traffic to flow on port 80. We have set-up blocking to the sites where you can download the client(s).
e.g.
http://messenger.yahoo.com/
We also have a snort rules in place to detect this traffic.
alert tcp $EXTERNAL_NET 5050 -> $HOME_NET any (msg:"CHAT Yahoo IM successful chat join"; flow:from_server,established; content:"YMSG"; depth:4; nocase; content:"|00 98|"; depth:2; offset:10; classtype:policy-violation; sid:2458; rev:3;)
alert tcp $HOME_NET any -> $AIM_SERVERS any (msg:"CHAT AIM login"; flow:to_server,established; content:"*|01|"; depth:2; classtype:policy-violation; sid:1631; rev:6;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 1863 (msg:"CHAT MSN login attempt"; flow:to_server,established; content:"USR "; depth:4; nocase; content:" TWN "; distance:1; nocase; classtype:policy-violation; sid:1991; rev:1;)
Cheers:
We do not have any IDS in place. We are working on it now. It shoudl be implemented by the end of the yeah. we cannot use a "free" software because of our audit compliance.
I don't know if this is feasible? Can you use something like this?
http://www.websense.com/?Display=IM
Websense and similar solutions can work.Quote:
Originally posted here by muert0
I don't know if this is feasible? Can you use something like this?
http://www.websense.com/?Display=IM
Often they are very very expensive.
But if things like this start working wouldn't it be worth it?
http://www.pcworld.com/news/article/0,aid,117998,00.asp
We have websense...I just dont knwo much about it...I have only been here 6 months and havent had time to look too much into that but i was under the impression it only stops web address access. I know we dont have the Desktop side and that is prolly what blocks IM...
If you have websnese enterprise I just finished reading the white paper and it should be builtin so it should tell you how to configure it in the manual.
Edit: nevermind I found this:
http://www.websense.com/support/tuto...eCPMPolicy.php
And here's a list of their other tut's:
http://www.websense.com/support/tutorials/
Thak you for that link. I am looking right now
Without a doubt. Don't mis-understand...Quote:
Originally posted here by muert0
But if things like this start working wouldn't it be worth it?
http://www.pcworld.com/news/article/0,aid,117998,00.asp
I was just alerting to the price since allot of readers here often search for
open source / free stuff.
SGS