Firewall Wizards mailing list archives
Re: Edge appliance (firewall) that filters/monitors/recordsinstant messenger?
From: "Darden, Patrick S." <darden () armc org>
Date: Tue, 9 Dec 2008 08:07:42 -0500
The first option you mention is the most secure (default: deny all). You'll have to remember, however, that HTTP tunnelling has become more and more common... leading to a need for a site filtering black list to be thrown into the mix. Or you can make sure your users know your policy (no IM except the officially authorized IM of X using Y) and then audit periodically to enforce. The second option you mention works well also. However, I don't see it obviating the need for periodica audits either. Final word: you can roll your own, buy a pre-packaged solution, or hire a service, but you will still need to overlook it at least once a week (delve into the logs, check some random connections, get your hands into the guts). Human expertise is a vital part of any security solution. --p -----Original Message----- From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com]On Behalf Of Victor Williams Sent: Friday, December 05, 2008 9:07 PM To: Firewall Wizards Security Mailing List Subject: [fw-wiz] Edge appliance (firewall) that filters/monitors/recordsinstant messenger? I am looking at different technologies to address the constant and ever-changing instant messenger issue. At this point, I'm looking at two options really...block everything at the firewall except incoming VPN connections, and use a proxy server for any required outgoing internet access, and use an internal IM/conferencing service like Office Communications Server 2007 that can hook to public IM networks if needed... Or... Something like the Fortinet firewalls that can allow/deny/control/monitor IM/URL/virus/spam/IDS/IPS/etc traffic at the perimeter. We have Secure Computing sidewinders and Cisco ASA's in-house already...they can handle everything except the IM traffic. Management has stated that IM of some kind is required for certain employees who are separated by a continent to save on long-distance phone usage until VoIP can be fully realized/utilized. Overall question, does anyone know of any other options that would allow me to manage this traffic and be able to provide to management transcripts of what is typed, and to whom? Yeah, I know I could use Ethereal and some other freely available things. Issue is, I want fire and forget, with the ability to let the managers to receive/view the reports without my interaction. Likewise, I want someone else (a vendor) to manage the ever-changing issue of IM traffic signatures and whatnot, which I would still have to handle/decipher going the Ethereal route. Thanks for your time. _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Edge appliance (firewall) that filters/monitors/records instant messenger? Victor Williams (Dec 08)
- Re: Edge appliance (firewall) that filters/monitors/recordsinstant messenger? Darden, Patrick S. (Dec 09)
- Re: Edge appliance (firewall) that filters/monitors/records instant messenger? K K (Dec 09)
- Re: Edge appliance (firewall) that filters/monitors/records instant messenger? Paul D. Robertson (Dec 09)
- Re: Edge appliance (firewall) that filters/monitors/records instant messenger? ArkanoiD (Dec 10)
- Re: Edge appliance (firewall) that filters/monitors/records instant messenger? Victor Williams (Dec 11)
- Re: Edge appliance (firewall) that filters/monitors/records instant messenger? Jim Seymour (Dec 11)