Q: How do I ban MSN Messenger, Yahoo Messenger, Skype and other chat programs on an enterprise LAN? My network connects to the Internet through a hub, and from the hub it connects a wireless router/modem to the Internet. I've tried blocking URLs and outgoing ports, but to no avail. I can't install any blocking software because I don't have a server in between the router and the network PCs.
A: As you have discovered already, imposing controls on the use of Instant Messaging (IM) within an enterprise network is not easy, but let's review your options, starting with some non-technical aspects.
The first step for an enterprise that wants to keep its network free of MSN Messenger, Yahoo Messenger, Skype and other programs of that kind must be to establish an information security policy that outlaws them. Make sure all employees are aware of the policy and the penalties for violating it. In this phase, try to present the logic for the ban: the fact that IM is a serious attack vector, and using it on the network undermines the security and viability of the company.
If any use of these programs is detected after the policy has been publicized, you must then apply the stated penalties. Failure to do so will render the policy moot, undermining efforts to enforce it, either through technology or simple oversight. The good news is that, depending upon your corporate culture, a properly handled policy outlawing IM may solve your problem.
Unfortunately, some companies shy away from a policy approach. To those who don't like personal confrontation, it might seem more appealing to implement bans and other policy decisions by technical means alone. This is a risky strategy, however, that should be avoided for several reasons. Apart from the legal jeopardy already mentioned, it's difficult and taxing to win a war of wills on the technical front. Instant Messaging services are adept at evading firewalls. IM clients can automatically adjust their settings to connect to IM servers, even if direct access to those servers is blocked on all network ports. The client will use an HTTP proxy server to pass through the firewall.
You might also want to ask why IM should be banned. After all, there are legitimate business uses for IM. One strategy might be to formally implement IM using an enterprise Instant Messaging (EIM) service. Microsoft's Office Communications Server, for example, not only incorporates IM firewall technologies, but can also integrate access control with Active Directory. This is my preferred security configuration because a proper identity and authentication management system can block specific users or specific groups of users from accessing IM services.
If there is a need to monitor and control IM traffic across an entire network, consider using an application-layer firewall, which controls the traffic to and from a user-defined list of Instant Messaging server hostnames. You can also try a gateway specifically tuned to detect IM and P2P use, such as the products from FaceTime Communications and Akonix Systems.
Source: SearchSecurity
Instant messaging news, reviews, software. LAN instant messaging, Corporate instant messaging, Business messengers, Intranet communication solutions.
Subscribe to:
Post Comments (Atom)
Durov: The phone of the richest man in the world was hacked through WhatsApp.
The founder of "VKontakte" and Telegram Pavel Durov said that back in November 2019 he warned about the vulnerability of the Whats...
-
Computer's personal often face problems when they have to take a break from their PC for some time and can’t answer to emails and instan...
-
We have received a question about using Instant Messaging services (such as AIM, Yahoo, MSN Messenger & Skype Chat) in the office: “Is i...
-
One of the common threads in the organizations that I’ve worked with in the last decade or so is a near ubiquitous use of IM, usually AOL’s ...
No comments:
Post a Comment