Re: Blocking Instant Messaging Applications

[Neksus <neksus () gmail com>]

Jeremy,

A solution that I implemented in the past (for MSN) is as follow:

1. Install a firewall, block everything that is a direct connection
from the desktop.

2. Install a proxy for FTP, web and https (20/21/80/443). Only the
proxy server should be allowed to directly connect to the internet.

3. Put the MSN domain name in your own DNS to prevent the application
from reaching the server by hoping on port 80. I forgot what is the
domain name off the top of my head.

4. Block access to the local hosts file to avoid clever users from
adding the IP in the file (Windows will read this file first, then
DNS). Users should not be admins of their own machine.

5. Install an internal server if you have a large user base (country
wide or international). Microsoft has one that is easy to setup but
you'll need to use Windows Messenger instead of MSN messenger. They
also release Windows Communicator or something close that is Windows
Messenger on steroids.

6. Relax and enjoy.

There might be other ways. I'm just giving you my own recipe.

(N)