Re: [fw-wiz] Edge appliance (firewall) that filters/monitors/recordsinstant messenger?

The first option you mention is the most secure (default: deny all). You'll have to remember, however, that HTTP tunnelling has become more and more common... leading to a need for a site filtering black list to be thrown into the mix. Or you can make sure your users know your policy (no IM except the officially authorized IM of X using Y) and then audit periodically to enforce.

The second option you mention works well also. However, I don't see it obviating the need for periodica audits either.

Final word: you can roll your own, buy a pre-packaged solution, or hire a service, but you will still need to overlook it at least once a week (delve into the logs, check some random connections, get your hands into the guts). Human expertise is a vital part of any security solution.


-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx]On Behalf Of
Victor Williams
Sent: Friday, December 05, 2008 9:07 PM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] Edge appliance (firewall) that
filters/monitors/recordsinstant messenger?

I am looking at different technologies to address the constant and
ever-changing instant messenger issue. At this point, I'm looking at
two options really...block everything at the firewall except incoming
VPN connections, and use a proxy server for any required outgoing
internet access, and use an internal IM/conferencing service like Office
Communications Server 2007 that can hook to public IM networks if needed...


Something like the Fortinet firewalls that can
allow/deny/control/monitor IM/URL/virus/spam/IDS/IPS/etc traffic at the
perimeter. We have Secure Computing sidewinders and Cisco ASA's
in-house already...they can handle everything except the IM traffic.

Management has stated that IM of some kind is required for certain
employees who are separated by a continent to save on long-distance
phone usage until VoIP can be fully realized/utilized.

Overall question, does anyone know of any other options that would allow
me to manage this traffic and be able to provide to management
transcripts of what is typed, and to whom?

Yeah, I know I could use Ethereal and some other freely available
things. Issue is, I want fire and forget, with the ability to let the
managers to receive/view the reports without my interaction. Likewise,
I want someone else (a vendor) to manage the ever-changing issue of IM
traffic signatures and whatnot, which I would still have to
handle/decipher going the Ethereal route.

Thanks for your time.

firewall-wizards mailing list
firewall-wizards mailing list