RE: Blocking Instant Messaging Applications
From: Alexis Villagra - VILSOL LatinAmerica (alexis_at_vilsol.com)
To: "Neksus" <firstname.lastname@example.org>, <email@example.com> Date: Tue, 22 Nov 2005 03:50:56 -0500
easier and les expensive use sonicwall ($500) with IPS enabled
De: Neksus [mailto:firstname.lastname@example.org]
Enviado el: Lunes, 21 de Noviembre de 2005 01:37 p.m.
Asunto: Re: Blocking Instant Messaging Applications
A solution that I implemented in the past (for MSN) is as follow:
1. Install a firewall, block everything that is a direct connection
from the desktop.
2. Install a proxy for FTP, web and https (20/21/80/443). Only the
proxy server should be allowed to directly connect to the internet.
3. Put the MSN domain name in your own DNS to prevent the application
from reaching the server by hoping on port 80. I forgot what is the
domain name off the top of my head.
4. Block access to the local hosts file to avoid clever users from
adding the IP in the file (Windows will read this file first, then
DNS). Users should not be admins of their own machine.
5. Install an internal server if you have a large user base (country
wide or international). Microsoft has one that is easy to setup but
you'll need to use Windows Messenger instead of MSN messenger. They
also release Windows Communicator or something close that is Windows
Messenger on steroids.
6. Relax and enjoy.
There might be other ways. I'm just giving you my own recipe.