Re: Blocking Instant Messaging Applications

From: Alloishus BeauMains (all0i5hu5_at_gmail.com)
Date: 11/21/05

  • Next message: Eric Brouwers: "Re: questions about my IP"
    Date: Mon, 21 Nov 2005 14:39:23 -0600
    To: Neksus <neksus@gmail.com>
    
    

    At the PIX or firewall, or wherever your ACLs are kept, block incoming
    or outgoing traffic to oscar.aol.com, the messenger login servers,
    trillian, yahoo, etc etc etc.

    You should be able to pull those from the connection logs. The clients
    initiate contact with those authentication services, and if they can't
    reach them, then they cannot log on and use them.

    Cleanest and easiest to me. If people can't log on to the service, then
    you have rendered it useless.

    On 11/21/05, Neksus <neksus@gmail.com> wrote:
    > Jeremy,
    >
    > A solution that I implemented in the past (for MSN) is as follows:
    >
    > 1. Install a firewall, block everything that is a direct connection
    > from the desktop.
    >
    > 2. Install a proxy for FTP, web and https (20/21/80/443). Only the
    > proxy server should be allowed to directly connect to the internet.
    >
    > 3. Put the MSN domain name in your own DNS to prevent the application
    > from reaching the server by hopping on port 80. I forgot what is the
    > domain name off the top of my head.
    >
    > 4. Block access to the local hosts file to avoid clever users from
    > adding the IP in the file (Windows will read this file first, then
    > DNS). Users should not be admins of their own machine.
    >
    > 5. Install an internal server if you have a large user base (country
    > wide or international). Microsoft has one that is easy to set up but
    > you'll need to use Windows Messenger instead of MSN Messenger. They
    > also release Windows Communicator or something close that is Windows
    > Messenger on steroids.
    >
    > 6. Relax and enjoy.
    >
    > There might be other ways. I'm just giving you my own recipe.
    >
    > (N)
    >
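
Added example, not part of the original message: one way to pull candidate IM login servers out of connection logs so they can be turned into ACL entries. The log format, the `*.example.net` hostnames and the function names are constructed for illustration; the port numbers are the well-known defaults for these clients, not values from the thread.

```python
# Well-known default login ports for common IM clients (assumption: not from the post).
IM_PORTS = {5190: "AIM/ICQ (OSCAR)", 1863: "MSN Messenger", 5050: "Yahoo! Messenger"}

# Constructed sample log in a simplified, hypothetical format:
#   <time> <client_ip> <dest_host> <dest_port>
SAMPLE_LOG = """\
14:01:02 10.0.0.11 oscar.aol.com 5190
14:01:05 10.0.0.12 www.example.org 80
14:01:09 10.0.0.13 oscar.aol.com 5190
14:02:11 10.0.0.11 msn-login.example.net 1863
14:02:40 10.0.0.14 yahoo-login.example.net 5050
14:03:00 10.0.0.12 mail.example.org 25
truncated line
14:03:10 10.0.0.15 oscar.aol.com notaport
"""


def im_login_candidates(log_text):
    """Map each destination host seen on an IM port to its service, clients and hit count."""
    found = {}
    for line in log_text.splitlines():
        parts = line.split()
        # Skip malformed records instead of failing on them.
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        _, client, host, port = parts
        service = IM_PORTS.get(int(port))
        if service is None:
            continue
        entry = found.setdefault(
            host.lower(), {"service": service, "clients": set(), "hits": 0}
        )
        entry["clients"].add(client)
        entry["hits"] += 1
    return found


def block_list(found):
    """Hosts to review for ACL entries, busiest first, then alphabetical."""
    return sorted(found, key=lambda h: (-found[h]["hits"], h))


if __name__ == "__main__":
    hosts = im_login_candidates(SAMPLE_LOG)
    for h in block_list(hosts):
        info = hosts[h]
        print(f"{h:28} {info['service']:18} clients={sorted(info['clients'])}")
```

Matching on port alone misses clients that fall back to port 80, which is why the quoted recipe pairs the firewall rules with a proxy and a DNS override.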

