[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] [fw-1] Instant Messenger bypass FW-1
Well said!!! -----Original Message----- From: Joe Pampel [mailto:[email protected]] Sent: Thursday, June 13, 2002 6:33 AM To: [email protected] Subject: Re: [FW-1] [fw-1] Instant Messenger bypass FW-1 one view of the world... Our environment is very demanding (Wall St) and so we have taken great pains to create a stable build for our workstations. They run for months w/o a reboot which I'm very happy about.. From the POV of keeping the machines "flat" as well as security everyone knows not to DL anything. The net result of this is that our staff works efficiently and without the frustration of machine instability and reboots. If folks want/need something extra on their desktops that will help them out, they can always come and ask. There is no reason IMHO for end users to be installing stuff ad hoc on their workstations. They need to understand that. Everyone here does, and it's not a "control freak" or "keep them down" thing.. it's simply letting each group of people do the best job they can and trusting one another. Everyone is cool about it. I don't know if it would hold up at a big firm (we're small, <100) but explaining what's up to everyone rather than just putting in dracronian rules and sending out a memo stating "because I said so".. has worked well. Bottom line for me is that the box belongs to the firm, with everything on it. Part of my job is deciding what goes on it. I am paid for my "expertise" (such as it is!) in assessing what products will work well together, be secure, and most importantly - solve our business problem. I use a lot of end user input/feedback to determine the last bit so it is as participative as possible. I don't play with the accounting rules or dabble in marketing.. Why would someone without the expertise need to alter a machine that our IT dept has spec'd and built, and potentially put others in the firm at risk? >>> James Edwards <[email protected]> 06/12/02 04:38PM >>> We are in the process of changing operating systems on all our PCs and I am going to seriously attempt to just block my users from installing software on their PCs. The theory being of course that if they can't install anything, they can't put IM clients or any of the other various and sundry useless, time wasting, PC eating garbage they are so fond of. I just wonder if anyone else has managed this and how effective it has been. Jim Edwards -----Original Message----- From: Rocky Stefano [mailto:[email protected]] Sent: Wednesday, June 12, 2002 9:43 AM To: [email protected] Subject: Re: [FW-1] [fw-1] Instant Messenger bypass FW-1 This has long been a known problem. Its not a vulnerability with any firewall. There are several methods available to stop IM's from getting out of your network. -----Original Message----- From: A, Kaustubh [mailto:[email protected]] Sent: June 12, 2002 9:05 AM To: [email protected] Subject: [FW-1] [fw-1] Instant Messenger bypass FW-1 Folks, I came to know about an article of Gartner saying that their are some IM bypassing Firewall by scanning open ports. Has anybody tested this CP FW-1 NG? I am afraid if this is a problem with FW-1!!! Firewall Bypass Technology AOL's Instant Messenger has a uniquely slippery client that is designed to bypass firewall port blocking technology, making the product easy to configure from behind a firewall. For example, the AOL client will use any available port, scanning even those reserved for domain naming system (DNS) lookup. This technology enables unsophisticated users to sneak past a firewall with relative ease, effectively establishing breaches in the corporate firewall. Kaustubh A. Technical Consultant HP Services ---------------------------------------------------------------------------- ------- 101-105 Enterprise Center, CTS#55 Off Neharu Road, Vile Parle (East) Mumbai 400099. *+91 (0) 22.616.7331 *GSM:*: [email protected] URL: http://www.ho.com/in ---------------------------------------------------------------------------- ------- ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ********************************************************************** This email and any attachments are confidential. They may contain privileged information and are intended for the named addressee (s) only. They must not be distributed without our consent. If you are not the intended recipient, please notify us immediately and do not disclose, distribute, or retain this email or any part of it. Unless expressly stated, opinions in this email are those of the individule sender, and not of SG. We believe but do not warrant that this e-mail and the attachment are virus free. You must therefore take full responsibility for virus checking. SG and its subsidiaries reserve the right to monitor all email communications through their networks ********************************************************************** ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|