Firewall Wizards mailing list archives

Re: Blocking Google Talk


From: "Paul D. Robertson" <paul () compuwar net>
Date: Mon, 19 Jun 2006 19:55:05 -0400 (EDT)


> Wait.... isn't that "security through obscurity"? What prevents the user
> from using:
>
> 216.239.37.125   talk.google.com
>
> in his hosts file? You are telling me that Google recommends attempting
> to foil a resolver by returning bogus entries as an attempt to prohibit
> Google Talk traffic in a network? Is that the new Status Quo of Internet
> giants, giving stupid "un-security" advice like that?
>
> Excuse me while I wipe the coffee off my screen and keyboard...

It's a reasonable first step.  If the user has the ability to modify their 
resolver configuration, then that may be a bigger issue than running a 
chat client.  After all, what's to stop the user from using an SSL tunnel 
to a proxy server somewhere on the Internet?  DNS tunnel?  SSH tunnel...

The answer given is enough to enforce the policy from casual abusers, 
which is really the goal of most protective policy measures.  An active 
and determined abuser needs to be held to a higher standard of account 
than someone who clicked on a link on a Web page.  

Once you've gotten to the circumvention stage, you're in the "removed 
permanently from the network" category of users who deserve termination.  

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
http://fora.compuwar.net      Infosec discussion boards 
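
The distinction drawn in this message, between users stopped by the resolver and users who route around it, can be checked from logs. The sketch below is an added example, not part of the original message or of any product: it correlates resolver logs with firewall flow logs, and the log formats, the client addresses and the bogus answer `10.255.255.1` are constructed assumptions; only `talk.google.com` and `216.239.37.125` come from the thread.

```python
BLOCKED_NAME = "talk.google.com"
REAL_IPS = {"216.239.37.125"}   # address quoted in the thread
SINKHOLE_IP = "10.255.255.1"    # assumed bogus answer served by the resolver

# Constructed sample logs (formats are assumptions, not from any product).
DNS_LOG = """\
2006-06-19T09:00:01 10.0.0.21 talk.google.com A 10.255.255.1
2006-06-19T09:00:07 10.0.0.22 www.example.com A 192.0.2.10
2006-06-19T09:02:30 10.0.0.34 www.example.com A 192.0.2.10
"""
FLOW_LOG = """\
2006-06-19T09:00:02 10.0.0.21 10.255.255.1 5222 deny
2006-06-19T09:02:41 10.0.0.34 216.239.37.125 5222 allow
2006-06-19T09:03:00 10.0.0.22 192.0.2.10 80 allow
"""

def parse(log, fields):
    """Split whitespace-delimited log lines into dicts; skip malformed lines."""
    rows = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == len(fields):
            rows.append(dict(zip(fields, parts)))
    return rows

def classify(dns_log, flow_log):
    """Return {client_ip: 'casual' | 'circumvention'} for the blocked service."""
    verdict = {}
    for q in parse(dns_log, ("ts", "client", "name", "rtype", "answer")):
        # Client asked the corporate resolver and received the bogus answer.
        name = q["name"].rstrip(".").lower()
        if name == BLOCKED_NAME and q["answer"] == SINKHOLE_IP:
            verdict[q["client"]] = "casual"
    for f in parse(flow_log, ("ts", "client", "dst", "dport", "action")):
        # Reaching a real address means the name was resolved some other way
        # (hosts file, outside resolver), whatever the resolver log says.
        if f["dst"] in REAL_IPS:
            verdict[f["client"]] = "circumvention"
    return verdict

if __name__ == "__main__":
    for client, kind in sorted(classify(DNS_LOG, FLOW_LOG).items()):
        print(client, kind)
```

A flow verdict overrides a DNS verdict for the same client, so a user who first hit the bogus answer and then reached the real address is reported as circumvention.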
