RE: Instant Messaging hash values

["Robinson, Sonja" <SRobinson () HIPUSA com>]

Hard to block at the firewall, they've adapted to random ports, so if
you block 5190 it just moves.  Even worse, many chat web sites are going
right over port 80.  

I'd be interested in the solution myself.  Written warnings and
penalties don't mean anything to anyone.  We've got to block it.  I've
got PHI and financial info to worry about and one disclosure can be
disaster. 


Sonja L. Robinson, CISSP, CIFI, CISA, CISM
Forensic Specialist, Digital Investigations
HIP Information Security Group
Tel: 212-806-4125
srobinson () hipusa com
 

-----Original Message-----
From: Netops [mailto:michael () bluesuperman com] 
Sent: Saturday, August 06, 2005 4:31 PM
To: Nick Duda
Cc: security-basics () securityfocus com
Subject: Re: Instant Messaging hash values

Hello,

        I think that this would be to hard to maintain, why not simple
block the type of traffic on the firewall or proxy server.

Michael


Nick Duda wrote:
> I'm looking to create a software restriction policy via GPO to prevent

> different instant messenger services (AIM, MSN, Yahoo, Trillian..etc) 
> from running based on the hash value. Short of gathering all know 
> binaries for each client is there any way to obtain hash codes from 
> past versions anywhere....perhaps a website with a repository of hash 
> values for binaries?
>
> Thanks in advance,
>
> Nick Duda - Systems Administrator