i need help - Firewalls


Thread: i need help

  1. i need help

    Dear all,
    I am a network admin in a company. Currently I have to block all kinds
    of messengers for all client PCs. I don't have a hardware
    firewall. Can you tell me how to block these messengers...


  2. Re: i need help

    lko.abhishek@gmail.com wrote:

    > Dear all,
    > I am a network admin in a company. Currently I have to block all kinds
    > of messengers for all client PCs. I don't have a hardware
    > firewall. Can you tell me how to block these messengers...


    ehm... deny everything until it's explicitly allowed? Implement this policy
    technically and in the work contract?

  3. Re: i need help

    You're screwed!


  4. Re: i need help

    On Apr 14, 2:05 am, lko.abhis...@gmail.com wrote:
    > Dear all,
    > I am a network admin in a company. Currently I have to block all kinds
    > of messengers for all client PCs. I don't have a hardware
    > firewall. Can you tell me how to block these messengers...


    You could do soft routing on a server and have all traffic headed for
    the outside world go through that machine. By doing that you can
    control which ports are permitted.


  5. Re: i need help

    lko.abhishek@gmail.com wrote:

    > I am a network admin in a company. Currently I have to block all kinds
    > of messengers for all client PCs. I don't have a hardware
    > firewall. Can you tell me how to block these messengers...


    Send a memo to all employees telling them that messengers are not
    allowed. Wait for a week, then go from machine to machine to search for
    installed messengers.

    The first one you find, report the user to the HR department and have
    him admonished and/or fired for violating company policy.

    Lather, rinse, repeat... after a few users are gone, people will get
    the message and respect the policy. You won't have many friends
    anymore, though ;-)

    Juergen Nieveler
    --
    Maths and beer don't mix - so don't drink and derive.

  6. Re: i need help

    Sebastian G wrote:

    > lko.abhishek@gmail.com wrote:
    >
    >> Dear all,
    >> I am a network admin in a company. Currently I have to block all kinds
    >> of messengers for all client PCs. I don't have a hardware
    >> firewall. Can you tell me how to block these messengers...

    >
    > ehm... deny everything until it's explicitly allowed?


    Please read the original posting again. He hasn't even got a proper device
    to block outgoing traffic with.

    > Implement this policy technically and in the work contract?


    Well, IM software is known to be quite good at tunneling. Blocking
    messengers at the gateway can be a bit tricky.

    Wolfgang


  7. Re: i need help

    Wolfgang Kueter wrote:

    > Sebastian G wrote:
    >
    >> lko.abhishek@gmail.com wrote:
    >>
    >>> Dear all,
    >>> I am a network admin in a company. Currently I have to block all kinds
    >>> of messengers for all client PCs. I don't have a hardware
    >>> firewall. Can you tell me how to block these messengers...

    >> ehm... deny everything until it's explicitly allowed?

    >
    > Please read the original posting again. He hasn't even got a proper device
    > to block outgoing traffic with.



    Who's talking about network filtering? You can implement this policy on the
    clients by explicitly denying to execute any program except those on a
    whitelist. Bam, the user can't run the messenger software anymore.

    >> Implement this policy technically and in the work contract?

    >
    > Well, IM software is known to be quite good at tunneling. Blocking
    > messengers at the gateway can be a bit tricky.



    As I said, the technical aspect should just back up the legal aspect.

  8. Re: i need help

    Juergen Nieveler wrote:
    > Send a memo to all employees telling them that messengers are not
    > allowed. Wait for a week, then go from machine to machine to search for
    > installed messengers.
    >
    > The first one you find, report the user to the HR department and have
    > him admonished and/or fired for violating company policy.


    Another option would be to do a quick estimate of how
    many hours each engineer spends on messenger every week
    (be very liberal in estimating this), multiply by the average
    income of the engineers and make a point why investing
    in a firewall would be cheaper.

    - Biswajit
    Bangalore/INDIA


  9. Re: i need help


    Create your own firewall. Install iptables on a cheap server with 2
    network interfaces. Put it in the middle of your main WAN traffic
    stream. Set up the proper rules.

    Alternatively, a modification on Juergen's suggestion. Go to every
    computer, remove every messenger program, make every user a normal
    user (not a local administrator). They won't be able to install any
    unauthorized software (this is best practice anyway).

    Alternatively, set up a GPO on the AD domain (if you're using Active
    Directory) to configure clients' Windows Firewall rules to not allow
    messenger ports.

    -Tony
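
Added example (not part of any post in this thread): the "deny everything until it's explicitly allowed" policy applied to the two-interface iptables gateway suggested above, written as a shell function that generates an `iptables-restore` ruleset. The interface names (`eth1` for LAN, `eth0` for WAN) and the allowed ports are assumptions; as noted in the thread, messengers that tunnel over a permitted port are not stopped by port rules alone.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-NIC Linux gateway
# that forwards only allowlisted destination ports and drops everything else.
# Only the FORWARD chain is constrained here; NAT, ip_forward and hardening
# of the gateway's own INPUT chain are outside this example.

# gen_egress_ruleset LAN_IF WAN_IF "proto:port proto:port ..."
gen_egress_ruleset() {
    lan_if=$1; wan_if=$2; allow=$3

    # Validate every entry before emitting anything, so a typo cannot
    # produce a half-written ruleset.
    for entry in $allow; do
        proto=${entry%%:*}; port=${entry#*:}
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol: $entry" >&2; return 1 ;;
        esac
        case $port in
            ''|*[!0-9]*) echo "bad port: $entry" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "port out of range: $entry" >&2; return 1; }
    done

    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD DROP [0:0]"      # default deny for routed traffic
    echo ":OUTPUT ACCEPT [0:0]"
    # Replies to connections that were already allowed out.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # New outbound connections: allowlisted ports only, LAN to WAN only.
    for entry in $allow; do
        proto=${entry%%:*}; port=${entry#*:}
        echo "-A FORWARD -i $lan_if -o $wan_if -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log what the DROP policy is about to discard, rate-limited.
    echo "-A FORWARD -i $lan_if -m limit --limit 5/min -j LOG --log-prefix \"egress-denied: \""
    echo "COMMIT"
}

# When run with arguments, print the ruleset, e.g.:
#   ./gen.sh eth1 eth0 "tcp:80 tcp:443 udp:53" > rules.v4
if [ "$#" -ge 3 ]; then
    gen_egress_ruleset "$1" "$2" "$3"
fi
```

Check the generated file with `iptables-restore --test < rules.v4` before loading it, and review the `egress-denied` log entries to see which clients are still trying blocked ports.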

