re: What addresses to put on my NEW black list?

["Steve Barron" <thurgoodj187 () hotmail com>]

Why not apply the principle of least privilege to take care of this? Permit 
only what should be allowed and block everything else.

Ex.
permit tcp mailserver any eq 25
Permit other outbound expected traffic
Permit tcp any any eq 80
Permit tcp any any eq 443
Deny any any

This should take care of 95% of instant messaging, streaming media and file 
sharing. Also, there are different implementations of instant messaging, p2p 
that run over port 80 to circumvent such firewall policy, but this may be a 
good start.I would suggest content filtering that allows  group and 
individual URL blocking, and my experience with Websense has been great 
although there are many vendors that offer other products. Check with your 
firewall vendor for products that can be integrated.
Good Luck

Steve



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------