I'm sure we've all heard it before, and I just did a search and didn't find anything recent or conclusive. So here it goes...
AIM, MSNM, ICQ... how do you block these at the perimeter? The only solution I've heard so far is to implement and enforce a better security policy. Well, that's all fine and good, but when you have sites sprawled all over North America, it's hard to keep an eye on them. I've heard other solutions involving registry edits in the login script as well. It's also feasible to deny access to the providers' logon servers, but if they change, then everything is open again. I just feel that we should be able to block these things on one machine, that one of course being the firewall.
I know that almost all of these products go through port 80 if the one they usually use is being blocked. So how does one stop this traffic? Of course a packet filter style firewall will be totally useless, but what about an application level firewall? Can't you filter out packets from these products?
Using Checkpoint's FW-1, I was able to block MSNM using its URL filter to block the string that it sends to its logon server. So I thought it might be just as easy with ICQ, but it didn't quite work that way.
There has to be something we can use to filter these out without worrying about them slipping through the cracks 3 weeks down the line.
Has anyone had any success in this endeavor?