NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Blocking Yahoo Messenger via DNS name



I have always found it sensible to approach this as a behavior problem, not
a technical problem. Rather than trying to block it all on the firewall,
which is not very effective, simply find and discipline those users who are
violating the security policy (you do have a security policy, right?). After
a few users are taken to task, there won't be any more problems.

Another suggestion is to lock down the clients. Don't allow anyone to
install anything that is not authorized. I always like to suggest that the
'My Computer' icon be changed to '<This company>'s Computer' just to make
the point.

There are many alternatives that can be used instead of limiting Internet
access to just a few people.

-----Original Message-----
From: Steve Crume [mailto:[email protected]]
Sent: Friday, July 26, 2002 3:51 PM
To: [email protected]
Subject: Re: [FW-1] Blocking Yahoo Messenger via DNS name


The problem with blocking the NEW Yahoo IM is not going to get easier. Yahoo
and others have embraced a philosophy of bypassing Firewalls by any means
possible.  The latest is by using any open outgoing port to the numerous
servers located in numerous networks. After a while by adding and relocating
even just one IM server users behind your firewall are able to start using
the security prone IM's once more. Yahoo is also mingling there services so
beware.  You may find that by blocking a valid IM logon server that users
may not be able to get to regular Internet content from various
My.yahoo.com.  The new breed of IM no longer uses a single port or server to
verify and logon to the service.  I believe I have a list of 11 servers by
IP address and FQDN names, and users can still go out and use Yahoo IM on
the desktop.  I believe that the time will come to make internet access a
guarded privilege for the few.  I wish I had more time to putz around to
block Yahoo Instant Messenger just for the pure pleasure of it.  Have fun.

-----Original Message-----
From: Russell Washington [mailto:[email protected]]
Sent: Friday, July 26, 2002 1:43 PM
To: [email protected]
Subject: [FW-1] Blocking Yahoo Messenger via DNS name


Can anyone quickly run down the "right" way under FW-1 4.1 to block Yahoo
Messenger via the DNS names of its login servers cs.yahoo.com and
scsa.yahoo.com?  The block-by-IP approach doesn't work too well (see
http://www.oofle.com/messaging/Yahoo/index.htm) and the last time I tried to
get a 4.1 box involved with a domain object the results were severely messy
:)

Thx!

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.