[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 279
  • Last Modified:

Blocking IM sofware without ISA

What is the best way to block IM software, e.g. MS Messenger, MSN Live, Yahoo IM, ICQ, from being used on a SBS network? Workstations are XP SP2, Firewall is on Vigor 2600+ router which is great for blocking web sites, but to block ports or IM clients, very hard to grasp.
0
sinisap
Asked:
sinisap
  • 2
  • 2
1 Solution
 
pjnofrillsCommented:
You could block the port ranges but some of the new IM apps will just tunnel over port 80.
You could use OpenDNS or similar and block the following domains:

ads.icq.com
aimexpress.aol.com
cb.icq.com
csa.yahoo.com
csb.yahoo.com
csc.yahoo.com
e-messenger.net
ebuddy.com
edit.messenger.yahoo.com
gateway.messenger.hotmail.com
http.pager.yahoo.com
http.proxy.icq.com
iloveim.com
koolim.com
login.icq.com
login.oscar.aol.com
meebo.com
messenger.hotmail.com
messenger.yahoo.com
messengerfx.com
msg.edit.yahoo.com
msn2go.com
pager.yahoo.com
talk.google.com
toc.oscar.aol.com
web.icq.com
webmessenger.msn.com
webmessenger.yahoo.com

OpenDNS may have a category block for IM by now, I've been using them for a while now and it works great for small businesses to block certain types of traffic.
0
 
pjnofrillsCommented:
I checked and OpenDNS has a category that will block those sites from resolving properly, which would in effect block use of the program or web based chat/IM.
0
 
sinisapAuthor Commented:
Thanks a ton for suggestion.
I would give it a go, but further more, I'd like to know if it makes any difference where I define DNSs? E.G. I could go though DNS management or through the router (which requires restart of the same) and I'm hesitatnt to do that, since router is in London and I'm on the banks of the Danube :)
0
 
Salman4u_kCommented:
if you are using active directory in your organization, then you will create one OU in active directory users and computers and add the users in to the OU which you want to block IMs then go to group policy for current OU.
expand the computer configuration, go to windows settings, then security settings expand software restriction policies, on additional rules right click and click on new path rule , for example i installed msn messenger on server and took the local path of msn messenger in path option and set the security level disallowed and click ok and then on client side computer go to start run and type gpupdate /enforce. the policy will update and test the msn messenger. it will blocked. so  you can block all IMs with same step as we block msn messenger.

Thanks
0
 
sinisapAuthor Commented:
Not only was your answer just the right thing I was looking for, but it improved network speed in addition, too. So simple yet excellent solution!
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now