i need help

Dear all,
I am a network admin in a company. Currently I have to block all kinds
of messengers for all client PCs. I don't have a hardware
firewall. Can you tell me how to block these messengers...
lko.abhishek [ Sat, 14 April 2007 09:05 ] [ ID #1687984 ]

Re: i need help

lko.abhishek [at] gmail.com wrote:

> Dear all,
> I am a network admin in a company. Currently I have to block all kinds
> of messengers for all client PCs. I don't have a hardware
> firewall. Can you tell me how to block these messengers...

ehm... deny everything until it's explicitly allowed? Implement this policy
technically and in the work contract?
Sebastian Gottschalk [ Sat, 14 April 2007 16:26 ] [ ID #1687985 ]

Re: i need help

You're screwed!
Paul.Parish [ Sun, 15 April 2007 06:59 ] [ ID #1688522 ]

Re: i need help

On Apr 14, 2:05 am, lko.abhis... [at] gmail.com wrote:
> Dear all,
> I am a network admin in a company. Currently I have to block all kinds
> of messengers for all client PCs. I don't have a hardware
> firewall. Can you tell me how to block these messengers...

You could do soft routing on a server and have all traffic headed for
the outside world go through that machine. By doing that you can
control which ports are permitted.
Hexalon [ Sun, 15 April 2007 18:20 ] [ ID #1688524 ]

Re: i need help

Post removed (X-No-Archive: yes)
Notifier Deamon [ Sun, 15 April 2007 20:47 ] [ ID #1688525 ]

Re: i need help

Sebastian G wrote:

> lko.abhishek [at] gmail.com wrote:
>
>> Dear all,
>> I am a network admin in a company. Currently I have to block all kinds
>> of messengers for all client PCs. I don't have a hardware
>> firewall. Can you tell me how to block these messengers...
>
> ehm... deny everything until it's explicitly allowed?

Please read the original posting again. He hasn't even got a proper device
to block outgoing traffic with.

> Implement this policy technically and in the work contract?

Well, IM software is known to be quite good at tunneling. Blocking
messengers at the gateway can be a bit tricky.

Wolfgang
Wolfgang Kueter [ Sun, 15 April 2007 22:07 ] [ ID #1688526 ]

Re: i need help

Wolfgang Kueter wrote:

> Sebastian G wrote:
>
>> lko.abhishek [at] gmail.com wrote:
>>
>>> Dear all,
>>> I am a network admin in a company. Currently I have to block all kinds
>>> of messengers for all client PCs. I don't have a hardware
>>> firewall. Can you tell me how to block these messengers...
>> ehm... deny everything until it's explicitly allowed?
>
> Please read the original posting again. He hasn't even got a proper device
> to block outgoing traffic with.


Who's talking about network filtering? You can implement this policy on the
clients by explicitly denying to execute any program except those on a
whitelist. Bam, the user can't run the messenger software anymore.

>> Implement this policy technically and in the work contract?
>
> Well, IM software is known to be quite good at tunneling. Blocking
> messengers at the gateway can be a bit tricky.


As I said, the technical aspect should just back up the legal aspect.
Sebastian Gottschalk [ Sun, 15 April 2007 22:15 ] [ ID #1688527 ]

Re: i need help

Juergen Nieveler wrote:
> Send a memo to all employees telling them that messengers are not
> allowed. Wait for a week, then go from machine to machine to search for
> installed messengers.
>
> The first one you find, report the user to the HR department and have
> him admonished and/or fired for violating company policy.

Another option would be to do a quick estimate of how
many hours each engineer spends on messenger every week
(be very liberal in estimating this), multiply by average
income of the engineers and make a point why investing
in a firewall would be cheaper.

- Biswajit
Bangalore/INDIA
Biswajit [ Wed, 18 April 2007 11:19 ] [ ID #1691749 ]

Re: i need help

Create your own firewall. Install iptables on a cheap server with 2
network interfaces. Put it in the middle of your main WAN traffic
stream. Set up the proper rules.

Alternatively, a modification on Juergen's suggestion. Go to every
computer, remove every messenger program, make every user a normal
user (not a local administrator); they won't be able to install any
unauthorized software (this is best practice anyway).

Alternatively, set up a GPO on the AD domain (if you're using Active
Directory) to configure clients' Windows Firewall rules to not allow
messenger ports.

-Tony
thelittleprince [ Thu, 19 April 2007 18:34 ] [ ID #1692909 ]
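
Added example, not part of any post in this thread: one way to write the "proper rules" for the two-interface iptables gateway suggested above, as a default-deny ruleset in iptables-restore format. The function name, interface names, LAN range, allowed-port list, SSH admin rule and log prefix are assumptions; as noted earlier in the thread, messengers that tunnel over the allowed web ports are not stopped by port rules alone.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset for a
# two-interface Linux gateway whose FORWARD policy is deny-by-default.
# Assumed names: gen_ruleset, the "fw-denied: " log prefix, the SSH admin rule.
# Usage: gen_ruleset LAN_IF WAN_IF LAN_NET TCP_PORTS   (e.g. eth1 eth0 192.168.1.0/24 80,443)
gen_ruleset() {
    lan=$1 wan=$2 net=$3 ports=$4
    # Reject anything that could smuggle extra rule text into the output.
    case "$lan"   in ''|*[!A-Za-z0-9._-]*) echo "bad LAN interface" >&2; return 1;; esac
    case "$wan"   in ''|*[!A-Za-z0-9._-]*) echo "bad WAN interface" >&2; return 1;; esac
    case "$net"   in ''|*[!0-9./]*)        echo "bad LAN network" >&2;   return 1;; esac
    case "$ports" in ''|*[!0-9,]*)         echo "bad port list" >&2;     return 1;; esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -s $net -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -p udp --dport 53 -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -p tcp --dport 53 -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -p tcp -m multiport --dports $ports -j ACCEPT
-A FORWARD -i $lan -m limit --limit 10/min -j LOG --log-prefix "fw-denied: "
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -s $net -j MASQUERADE
COMMIT
EOF
}

# Everything not listed above (native messenger ports included) hits the
# FORWARD DROP policy and is logged. Clients that fall back to HTTP/HTTPS
# still pass, so port rules complement client-side controls, not replace them.
# Check before loading:  gen_ruleset eth1 eth0 192.168.1.0/24 80,443 | iptables-restore --test
# Routing must also be on: sysctl -w net.ipv4.ip_forward=1
if [ "$#" -eq 4 ]; then
    gen_ruleset "$@"
fi
```
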