Security Basics mailing list archives
Re: Prohibiting Chat Software Activation on Client Machines
From: Scott.Swenka () sunhealth org
Date: Mon, 9 Feb 2004 09:27:14 -0700
I dont believe there is a way on the server side either. But our implementation is using Verso Technologies Netspective WebFilter, it does not sit inline, it simply "sniffs" a port on the switch that is mirrored/spanned that goes to the internet connection. It's very effective, they can download the software (if your not blocking that catagory), it will let them install it, but when they goto connect to the chat server, it simply will break the connection and send a reset to the requested server stopping the connection. All the user sees is a timeout as their requests are never making it even outside of the network. You can even tie this in NDS and AD to translate the users IP address to their login name, and know exactly when they tried to use the client. Same goes for P2P services. http://www.verso.com/enterprise/access/netspective/index.html Scott S. Lindner <lindner_marek To: security-basics () securityfocus com @yahoo.de> cc: Subject: Re: Prohibiting Chat Software Activation on Client Machines 02/08/2004 02:46 PM SHELDON QUINNY schrieb:
Hi Guys... I am loooking for an software that can control chat software on client machine.... I got and windwos 2000 server install and isa...server...and i want an software thatt i can install on my server and then control the clien machines i.e not allowing them to open any chat softwares so that they can chat.... if any one has any software in mind ..pls could u contirbute ur knowledge and is there anyway if u can conrtol client pc thru polices in windows 2000 server... pls let me know how can this be posible... thank you sheldon
I think there is no way to achieve this with the windows policies or any other software. How should any policy or software distinguish between a "normal" program or a chatprogram ?? A solution could be to route all traffic through a single machine and their you restrict the access to the internet. Example: Your clients are allowed to browse the net, send Mail via SMTP and receive Mail via POP3. So, you allow HTTP,SMTP and POP3 and block the rest. You could even increase your control by using proxies. Regards, Marek --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
Current thread:
- Prohibiting Chat Software Activation on Client Machines SHELDON QUINNY (Feb 06)
- Re: Prohibiting Chat Software Activation on Client Machines Lindner (Feb 09)
- <Possible follow-ups>
- Re: Prohibiting Chat Software Activation on Client Machines H Carvey (Feb 09)
- RE: Prohibiting Chat Software Activation on Client Machines Sarbjit Singh Gill (Feb 09)
- Re: Prohibiting Chat Software Activation on Client Machines Scott . Swenka (Feb 09)
- Re: Prohibiting Chat Software Activation on Client Machines Gene (Feb 09)