Snort mailing list archives
RE: Chat/IM
From: Joe Thompson <jt () techforless com>
Date: Thu, 15 Apr 2004 10:01:50 -0600
Does anyone have an effective way of blocking chat/IM?
We've used a combination of blocking the login servers and strict blocking of ports above 1024 for users that do not need outside access other than 80/443. We've got it a bit easier having our mail and DNS servers onsite, as we can plan our infrastructure around it. Blocking login servers is a constant pain and requires a bit of work. In the end I just used domain policy to restrict the applications themselves. Every so often someone manages to get a client up, but that is just as easily fixed by our detection and strict written policies from management.

I've noticed that rarely is written policy enforcement and management / leadership brought up when it comes to security topics. This is something I think needs to be addressed in all instances; it's a much more effective strategy overall, especially when combined with good monitoring.

--
Joe Thompson
Tech for Less, Inc.
719-886-8000 Ext. 236 (office)
719-287-9358 (mobile)
Message Signed with GnuPG (www.gnupg.org)
