Novell Home

Blocking Instant Messengers

Novell Cool Solutions: Tip

Digg This - Slashdot This

Posted: 1 Mar 2002
 

A few of our government readers have been asked by their bosses to block the use of all Instant Messengers (i.e. AIM, ICQ, MSN Messenger, Yahoo Messenger). We ran the question past a few of our brighter guys here at Novell and came up with a few suggestions. If you have an idea, let us know.

Scott V: Enable filtering on your BorderManager box (if all packets going to the Internet pass through it) or enable filters on your router. The problem is that many of the clients can use different ports, so you'll want to look at blocking all access to say, login.icq.com, or login.oscar.aol.com. It will be a bit of a battle since you can configure many of the clients to use SOCK servers too.

Jesse P: I would suggest being more restrictive with the firewall with packet filters.

Apply the default filters, which block everything except access explicitly by the proxy software via standard ports. Then you might want to open up ports used by the customers apps, and perhaps also open up ICMP so that pings and traces will work.

Most messengers can operate on various ports, so you have no hope of blocking them selectively, the best hope is to implement a proper non-transparent proxy.

John P: At least with ICQ I can just switch it to an open port so simple filtering won't work. It appears with AIM, Yahoo, and MSN I can do the same. I remember when Novell I.S. had it locked down tight and we just used port 53 (DNS) to circumvent it. Worked like a charm.

So the best policy is just that; *a policy* preventing the use of Instant Messengers. Or, don't fight it and start controlling it.

Reader Comments:

Stephen Gauss
A while back I read about an app in ZENworks Cool Solutions that lets you check for applications running on user desktops and gives you the ability to shut them off. If it were me, I would use this app to check for the messenger programs and shut them off.

(The program Stephen is referring to is called "Program Killer". You can read about it in ZENworks Cool Solutions.)


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell