Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

Re: Edge appliance (firewall) that filters/monitors/recordsinstant messenger?
From: "Darden, Patrick S." <darden () armc org>
Date: Tue, 9 Dec 2008 08:07:42 -0500

The first option you mention is the most secure (default: deny all).  You'll have to remember, however, that HTTP 
tunnelling has become more and more common... leading to a need for a site filtering black list to be thrown into the 
mix.  Or you can make sure your users know your policy (no IM except the officially authorized IM of X using Y) and 
then audit periodically to enforce.

The second option you mention works well also.  However, I don't see it obviating the need for periodica audits either.

Final word: you can roll your own, buy a pre-packaged solution, or hire a service, but you will still need to overlook 
it at least once a week (delve into the logs, check some random connections, get your hands into the guts).  Human 
expertise is a vital part of any security solution.


-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com
[mailto:firewall-wizards-bounces () listserv icsalabs com]On Behalf Of
Victor Williams
Sent: Friday, December 05, 2008 9:07 PM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] Edge appliance (firewall) that
filters/monitors/recordsinstant messenger?

I am looking at different technologies to address the constant and 
ever-changing instant messenger issue.  At this point, I'm looking at 
two options really...block everything at the firewall except incoming 
VPN connections, and use a proxy server for any required outgoing 
internet access, and use an internal IM/conferencing service like Office 
Communications Server 2007 that can hook to public IM networks if needed...


Something like the Fortinet firewalls that can 
allow/deny/control/monitor IM/URL/virus/spam/IDS/IPS/etc traffic at the 
perimeter.  We have Secure Computing sidewinders and Cisco ASA's 
in-house already...they can handle everything except the IM traffic.

Management has stated that IM of some kind is required for certain 
employees who are separated by a continent to save on long-distance 
phone usage until VoIP can be fully realized/utilized.

Overall question, does anyone know of any other options that would allow 
me to manage this traffic and be able to provide to management 
transcripts of what is typed, and to whom?

Yeah, I know I could use Ethereal and some other freely available 
things.  Issue is, I want fire and forget, with the ability to let the 
managers to receive/view the reports without my interaction.  Likewise, 
I want someone else (a vendor) to manage the ever-changing issue of IM 
traffic signatures and whatnot, which I would still have to 
handle/decipher going the Ethereal route.

Thanks for your time.

firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]