RE: Messenger service abuse (from inside the network)

["Zachary Mutrux" <zmutrux () compumentor org>]

Like Shawn said, use NTFS permissions to deny access to the net.exe program,
to anyone but system and whatever groups should have authorized access. No
need to visit each computer individually, these settings can be assigned via
group policy.

However, this won't stop someone from bringing his own copy of net.exe in on
a floppy or downloaded from the Internet.

Does anyone know of a good replacement for the Messenger service? I would be
particularly interested in a cross-platform (Mac/PC) solution. Or something
that will let the Mac receive notes sent via the Messenger service. Maybe
that should be a separate thread.

If the students' computers aren't already on their own separate network,
that might be a place to start. Then their Messenger hijinks won't affect
computers used by teachers and administration.

I like the idea of being able to block messenger traffic with a packet
filter, but where would this be implemented? Not on the firewall, not on the
server. It would have to be implemented on all the workstations. Is there a
way to do that in W2K Pro? A managed personal firewall might work, but the
administrative overhead is too high to justify, just to stop this problem.

zm

> -----Original Message-----
> From: Shawn Jackson [mailto:sjackson () horizonusa com]
> Sent: Wednesday, December 03, 2003 4:48 PM
> To: Alexander Lukyanenko; security-basics () securityfocus com
> Subject: RE: Messenger service abuse (from inside the network)
>
>
>       Just ACL the net command to SYSTEM, DOMAIN ADMINS, etc. Make
> sure you got everything locked down on the system (gpedit.msc). Also
> make sure they aren't installing any software for messenger spamming.


---------------------------------------------------------------------------
----------------------------------------------------------------------------