RE: Blocking Instant Messaging Applications

From: Alexis Villagra - VILSOL LatinAmerica (alexis_at_vilsol.com)
Date: 11/22/05

  • Next message: Bob Radvanovsky: "Re: Writing papers on Information Security"
    To: "Neksus" <neksus@gmail.com>, <jeremy@linuxwiz.net>
    Date: Tue, 22 Nov 2005 03:50:56 -0500
    
    

    easier and les expensive use sonicwall ($500) with IPS enabled

    -----Mensaje original-----
    De: Neksus [mailto:neksus@gmail.com]
    Enviado el: Lunes, 21 de Noviembre de 2005 01:37 p.m.
    Para: jeremy@linuxwiz.net
    CC: security-basics@securityfocus.com
    Asunto: Re: Blocking Instant Messaging Applications

    Jeremy,

    A solution that I implemented in the past (for MSN) is as follow:

    1. Install a firewall, block everything that is a direct connection
    from the desktop.

    2. Install a proxy for FTP, web and https (20/21/80/443). Only the
    proxy server should be allowed to directly connect to the internet.

    3. Put the MSN domain name in your own DNS to prevent the application
    from reaching the server by hoping on port 80. I forgot what is the
    domain name off the top of my head.

    4. Block access to the local hosts file to avoid clever users from
    adding the IP in the file (Windows will read this file first, then
    DNS). Users should not be admins of their own machine.

    5. Install an internal server if you have a large user base (country
    wide or international). Microsoft has one that is easy to setup but
    you'll need to use Windows Messenger instead of MSN messenger. They
    also release Windows Communicator or something close that is Windows
    Messenger on steroids.

    6. Relax and enjoy.

    There might be other ways. I'm just giving you my own recipe.

    (N)


  • Next message: Bob Radvanovsky: "Re: Writing papers on Information Security"

    Relevant Pages

    • Re: Adcaster - argh
      ... > ads via Windows Messenger to known IP addresses. ... Google Toolbar advice section for these.) ... Empty your Temporary Internet Files and shrink the size it stores to about ...
      (microsoft.public.security)
    • Re: Is there a patient reader who gives instruction by tiny steps?
      ... and then popups telling me of a Messenger problem connection stumped me. ... You're using MSN software which is separate from Windows. ... I suspect it may be under your user account and that is the .NET ...
      (microsoft.public.windowsxp.basics)
    • Re: Is there a patient reader who gives instruction by tiny steps?
      ... and then popups telling me of a Messenger problem connection stumped me. ... You're using MSN software which is separate from Windows. ... I suspect it may be under your user account and that is the .NET ...
      (microsoft.public.windowsxp.basics)
    • Re: MSN Messenger 7 problem connecting
      ... >audio/video poblems start only with MSN Messenger 7.0.007? ... >>>download and install v7 I cannot connect to the ... >Internet Security ...
      (microsoft.public.windowsxp.messenger)
    • Re: help on pop ups
      ... Also - does the window title say anything about Messenger? ... a larger problem - your computer has ports open from the Internet. ... For a standalone machine, see www.sygate.com for a free personal firewall, ... or if using Windows XP, you can enable the built-in internet connection ...
      (microsoft.public.win2000.security)