Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Block Google Talk on a Cisco ASA 5505

Posted on 2010-09-10
6
Medium Priority
?
2,575 Views
Last Modified: 2012-05-10
I need to block users from being able to use Google Talk, but still have access to Gmail using the ASDM java web interface
0
Comment
Question by:ctechsol
6 Comments
 
LVL 2

Expert Comment

by:Tordan
ID: 33651836
the easiest way is to add records to your DNS server (if you have one) to both talk.google.com and talkx.l.google.com, returning 127.0.0.1.

otherwise you can firewall access to the google talk servers, but the actual addresses might change. I found this page that lists all the stuff you need to block access to:
http://googledoll.blogspot.com/2009/08/how-to-block-gtalk-using-microsoft-isa.html
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33652049
0
 
LVL 7

Accepted Solution

by:
lacrewga earned 200 total points
ID: 33652101
Google Talk uses Port 80, Port 443 and Port 5223 other than Port 5222 for its communication purposes. Google Talk connects to 216.239.37.125, 72.14.253.125 and 72.14.217.189 other than 209.85.137.125. It connects to Ports 5222, 5223, 443 and 80 in all the cases.

Blocking all these 4 addresses blocks Google Talk at both Browser and Talk Client. Note: This does not disable Google mail.
0
Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

 
LVL 57

Expert Comment

by:Pete Long
ID: 33656111
Here you go

object-group network Google-Talk-Servers
 network-object host 216.239.37.125
 network-object host 72.14.253.125
 network-object host 72.14.217.189
 network-object host 209.85.137.125
object-group service Google-Talk-Ports tcp
 port-object eq 5222
 port-object eq 5223
 port-object eq https
access-list outbound line 1 deny tcp any object-group Google-Talk-Servers object-group Google-Talk-Ports

where "outbound" id the name of your outbound access-list - if you do not have an outbound access list you will also need to add

access-group outbound in interface inside

Pete
www.petenetlive.com
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 33658136
In fact This aroused my interest that much I wrote it up http://www.petenetlive.com/KB/Article/0000323.htm

Pete
www.petenetlive.com
0
 
LVL 7

Expert Comment

by:lacrewga
ID: 33668746
ASDM GUI gives you the ability to block the aforementioned ip addresses. If you need specific help, post back.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question