Re: block IM

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 08/19/05


Date: Fri, 19 Aug 2005 15:15:05 -0500

Here is a copy of a reply I recently did for another poster on nearly the
same subject that may be helpful to you also. --- Steve

I believe that you could stop it with ISA 2004 [free to try] using
application filters for http to stop it from tunneling through port 80 TCP.
For those of us with
more conventional firewalls it probably is a matter of trying to track down
the servers it uses which you might be able to track down by examining your
firewall logs. Beyond that you may have to rely on personal firewalls such
as Zone Alarm, Sygate, etc that can block access to the internet based on
application rules. Of course for that to work well the users would have to
be regular users because local administrators could possibly reconfigure or
disable the firewall service. You might also try using Group Policy.
Windows XP Pro can use Software Restriction Policies that are very effective
at controlling what applications a user can run or install on their
computer. Windows 2000 can blacklist applications though if the user has the
ability to rename the executable they could work around the blacklist. See
the links below for more details if interested. --- Steve

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/httpfiltering.mspx --- ISA 2004 application filtering.
http://www.microsoft.com/isaserver/evaluation/trial/default.mspx --- ISA 2004 Evaluation Edition.
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx --- XP Pro SRP
http://support.microsoft.com/default.aspx?scid=kb;en-us;323525 --- GP restrict applications by executable
http://www.technobabble.com.au/technobabble/html/tweaks/Group%20Policy%20Registry%20Editor.htm

"NewsGrp" <nospam@nowhere.com> wrote in message
news:uFNkTmNpFHA.616@TK2MSFTNGP15.phx.gbl...
> I have many users who are using IM thru ports 80 and 21, which our
> firewalls don't block.
> Is there a policy / GPO to block these (AIM, yahoo and ms IM)?
>
> thanks
>
> craig
>
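
Added example (not part of the original post): a Python model of the rename workaround mentioned in the reply, comparing a name-based blacklist with a hash rule and a default-deny hash allowlist. The file names, sample bytes and the choice of SHA-256 are assumptions for illustration; the code models the matching logic only and calls no Windows policy API.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed stand-ins for binaries; these are not real executables.
IM_CLIENT_BYTES = b"MZ constructed sample standing in for an IM client"
APPROVED_BYTES = b"MZ constructed sample standing in for an approved tool"
BLOCKED_NAMES = {"aim.exe"}  # hypothetical name-based blacklist entry

def file_hash(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def name_rule_blocks(path: Path) -> bool:
    # Matches on the file name only, compared case-insensitively.
    return path.name.lower() in BLOCKED_NAMES

def hash_rule_blocks(path: Path, blocked_hashes: set) -> bool:
    # Matches on content, so the file name is irrelevant.
    return file_hash(path) in blocked_hashes

def allowlist_blocks(path: Path, allowed_hashes: set) -> bool:
    # Default deny: anything not explicitly approved is blocked.
    return file_hash(path) not in allowed_hashes

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        original = Path(tmp) / "aim.exe"
        original.write_bytes(IM_CLIENT_BYTES)
        renamed = Path(tmp) / "report.exe"  # same bytes, different name
        shutil.copyfile(original, renamed)
        approved = Path(tmp) / "tool.exe"
        approved.write_bytes(APPROVED_BYTES)
        blocked_hashes = {file_hash(original)}
        allowed_hashes = {file_hash(approved)}
        return {
            "name_rule_original": name_rule_blocks(original),
            "name_rule_renamed": name_rule_blocks(renamed),
            "hash_rule_renamed": hash_rule_blocks(renamed, blocked_hashes),
            "allowlist_renamed": allowlist_blocks(renamed, allowed_hashes),
            "allowlist_approved": allowlist_blocks(approved, allowed_hashes),
        }

if __name__ == "__main__":
    for check, blocked in demo().items():
        print(f"{check}: {'blocked' if blocked else 'allowed'}")
```

Only the name rule lets the renamed copy through; the hash rule and the allowlist both decide on file contents, so the new name makes no difference.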


