Re: [fw-wiz] Edge appliance (firewall) that filters/monitors/records instant messenger?



On Fri, Dec 5, 2008 at 8:07 PM, Victor Williams
<bwilliam13@xxxxxxxxxxxxxx> wrote:
I am looking at different technologies to address the constant and
ever-changing instant messenger issue. At this point, I'm looking at two
options really...block everything at the firewall except incoming VPN
connections, and use a proxy server for any required outgoing internet
access,

Even with a proxy, savvy users will be able to bypass all but the most
intrusive IM controls. Short of doing MITM on every SSL session or
locking down all devices on the network, the problem of IM may be
better solved through HR than IT.

Properly configured, a Sidewinder firewall can make it very difficult
for users to tunnel out to Internet IM (by validating the protocol for
on both TCP/22 and TCP/443 or any other CONNECT destination), but not
impossible.


and use an internal IM/conferencing service like Office
Communications Server 2007 that can hook to public IM networks if needed...

OCS seems to be the preferred solution to this problem, at least for
Microsoft-centric shops. Yes, it can be a pain to set up, and MS
wants a per-seat license for federation with other IM networks, but it
does work.


Overall question, does anyone know of any other options that would allow me
to manage this traffic and be able to provide to management transcripts of
what is typed, and to whom?

Look into Blue Coat and Symantec's "IMlogic"


Kevin
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: Do I really NEED a firewall??
    ... I've seen systems beeing broken into before they are finished ... My experience is mostly from relatively open university networks, ... because in most cases there are no central firewall. ... as you are smart enough to stay up to date with security patches, ...
    (comp.security.firewalls)
  • Re: Networking problems
    ... SP2 automatically enables the Windows Firewall. ... go to the Windows Firewall applet in Control ... File and Printer Sharing for Microsoft Networks ... Elephant Boy Computers ...
    (microsoft.public.windowsxp.network_web)
  • Re: One computer cant access the network
    ... Your question about firewall reminded me that I had not ... >for Microsoft Networks, on both machines? ... Panel - Administrative Tools ... check to see if Simple File Sharing (Control ...
    (microsoft.public.windowsxp.network_web)
  • Re: peer-to-peer
    ... Make sure the XP's firewall is disabled on local area networks. ... > It is named JUDY. ... > BILL machine. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Making a router from a Linux machine
    ... First make sure that the two networks can talk to each other. ... make sure that your central machine is the default gateway on ... Once you have that working then you can get the firewall working. ... >with iptables just didn't help - I still don't have a solution. ...
    (comp.os.linux.networking)