i need help

on 14.04.2007 09:05:38 by lko.abhishek

Dear all,
I am a network admin in a company. Currently I have to block all kinds
of messengers for all client PCs. I don't have a hardware
firewall. Can you tell me how to block these messengers...

Re: i need help

on 14.04.2007 16:26:22 by Sebastian Gottschalk

lko.abhishek@gmail.com wrote:

> Dear all,
> I am a network admin in a company. Currently I have to block all kinds
> of messengers for all client PCs. I don't have a hardware
> firewall. Can you tell me how to block these messengers...

ehm... deny everything until it's explicitly allowed? Implement this policy
technically and in the work contract?

Re: i need help

on 15.04.2007 06:59:26 by Paul.Parish

You're screwed!

Re: i need help

on 15.04.2007 18:20:06 by Hexalon

On Apr 14, 2:05 am, lko.abhis...@gmail.com wrote:
> Dear all,
> I am a network admin in a company. Currently I have to block all kinds
> of messengers for all client PCs. I don't have a hardware
> firewall. Can you tell me how to block these messengers...

You could do soft routing on a server and have all traffic headed for
the outside world go through that machine. By doing that you can
control which ports are permitted.

Re: i need help

on 15.04.2007 20:47:22 by unknown

Post removed (X-No-Archive: yes)

Re: i need help

on 15.04.2007 22:07:34 by Wolfgang Kueter

Sebastian G wrote:

> lko.abhishek@gmail.com wrote:
>
>> Dear all,
>> I am a network admin in a company. Currently I have to block all kinds
>> of messengers for all client PCs. I don't have a hardware
>> firewall. Can you tell me how to block these messengers...
>
> ehm... deny everything until it's explicitly allowed?

Please read the original posting again. He hasn't even got a proper device
to block outgoing traffic with.

> Implement this policy technically and in the work contract?

Well, IM software is known to be quite good at tunneling. Blocking
messengers at the gateway can be a bit tricky.

Wolfgang

Re: i need help

on 15.04.2007 22:15:23 by Sebastian Gottschalk

Wolfgang Kueter wrote:

> Sebastian G wrote:
>
>> lko.abhishek@gmail.com wrote:
>>
>>> Dear all,
>>> I am a network admin in a company. Currently I have to block all kinds
>>> of messengers for all client PCs. I don't have a hardware
>>> firewall. Can you tell me how to block these messengers...
>> ehm... deny everything until it's explicitly allowed?
>
> Please read the original posting again. He hasn't even got a proper device
> to block outgoing traffic with.


Who's talking about network filtering? You can implement this policy on the
clients by explicitly denying to execute any program except those on a
whitelist. Bam, the user can't run the messenger software anymore.

>> Implement this policy technically and in the work contract?
>
> Well, IM software is known to be quite good at tunneling. Blocking
> messengers at the gateway can be a bit tricky.


As I said, the technical aspect should just back up the legal aspect.

Re: i need help

on 18.04.2007 11:19:48 by Biswajit

Juergen Nieveler wrote:
> Send a memo to all employees telling them that messengers are not
> allowed. Wait for a week, then go from machine to machine to search for
> installed messengers.
>
> The first one you find, report the user to the HR department and have
> him admonished and/or fired for violating company policy.

Another option would be to do a quick estimate of how
many hours each engineer spends on messenger every week
(be very liberal in estimating this), multiply by average
income of the engineers and make a point why investing
in a firewall would be cheaper.

- Biswajit
Bangalore/INDIA

Re: i need help

on 19.04.2007 18:34:46 by thelittleprince

Create your own firewall. Install iptables on a cheap server with 2
network interfaces. Put it in the middle of your main WAN traffic
stream. Set up the proper rules.

Alternatively, a modification of Juergen's suggestion: go to every
computer, remove every messenger program, and make every user a normal
user (not a local administrator). They won't be able to install any
unauthorized software (this is best practice anyway).

Alternatively, set up a GPO on the AD domain (if you're using Active
Directory) to configure clients' Windows Firewall rules to not allow
messenger ports.

-Tony
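
The "deny everything until it's explicitly allowed" policy and the two-interface iptables gateway suggested in this thread can be combined as in the following added example, which is not code from any poster. The interface names (`eth1` LAN, `eth0` WAN), the allowed port list and the SSH management rule are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny forwarding for a
# two-interface Linux gateway, emitted in iptables-restore format.
# Interface names and allowed ports are assumptions for illustration.

# is_port N: succeed only if N is an integer in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_ruleset LAN_IF WAN_IF "TCP_PORTS" "UDP_PORTS"
# Validates every port first, so a typo never yields a partial ruleset.
build_ruleset() {
    lan=$1; wan=$2; tcp_ports=$3; udp_ports=$4
    for p in $tcp_ports $udp_ports; do
        is_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    # Static part: drop by default, keep replies and LAN-side SSH (assumed
    # management access) working on the gateway itself.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # Only the listed destination ports may leave the LAN.
    for p in $tcp_ports; do
        echo "-A FORWARD -i $lan -o $wan -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $udp_ports; do
        echo "-A FORWARD -i $lan -o $wan -p udp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Rate-limited log of traffic that falls through to the DROP policy;
    # these lines show which clients still try blocked services.
    echo "-A FORWARD -i $lan -m limit --limit 6/min -j LOG --log-prefix \"egress-denied: \""
    echo "COMMIT"
}

# Dry run on the gateway (parses the ruleset without committing it):
#   build_ruleset eth1 eth0 "25 80 110 443" "53" | iptables-restore --test
```

As noted earlier in the thread, messengers that tunnel over a port left open here are not stopped by port filtering alone, so this complements the client-side and policy measures rather than replacing them.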