Re: [FW-1] Blocking Yahoo Messenger via DNS name
I have always found it sensible to approach this as a behavior problem, not a technical problem. Rather than trying to block it all on the firewall, which is not very effective, simply find and discipline those users who are violating the security policy (you do have a security policy, right?). After a few users are taken to task, there won't be any more problems.

Another suggestion is to lock down the clients. Don't allow anyone to install anything that is not authorized. I always like to suggest that the 'My Computer' icon be changed to '<This company>'s Computer' just to make the point.

There are many alternatives that can be used instead of limiting Internet access to just a few people.

-----Original Message-----
From: Steve Crume [mailto:[email protected]]
Sent: Friday, July 26, 2002 3:51 PM
To: [email protected]
Subject: Re: [FW-1] Blocking Yahoo Messenger via DNS name

The problem with blocking the NEW Yahoo IM is not going to get easier. Yahoo and others have embraced a philosophy of bypassing Firewalls by any means possible. The latest is by using any open outgoing port to the numerous servers located in numerous networks. After a while by adding and relocating even just one IM server users behind your firewall are able to start using the security prone IM's once more.

Yahoo is also mingling their services so beware. You may find that by blocking a valid IM logon server that users may not be able to get to regular Internet content from various My.yahoo.com. The new breed of IM no longer uses a single port or server to verify and logon to the service. I believe I have a list of 11 servers by IP address and FQDN names, and users can still go out and use Yahoo IM on the desktop.

I believe that the time will come to make internet access a guarded privilege for the few. I wish I had more time to putz around to block Yahoo Instant Messenger just for the pure pleasure of it.

Have fun.

-----Original Message-----
From: Russell Washington [mailto:[email protected]]
Sent: Friday, July 26, 2002 1:43 PM
To: [email protected]
Subject: [FW-1] Blocking Yahoo Messenger via DNS name

Can anyone quickly run down the "right" way under FW-1 4.1 to block Yahoo Messenger via the DNS names of its login servers cs.yahoo.com and scsa.yahoo.com? The block-by-IP approach doesn't work too well (see http://www.oofle.com/messaging/Yahoo/index.htm) and the last time I tried to get a 4.1 box involved with a domain object the results were severely messy :)

Thx!

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================