Slashdot Mirror
Blocking Instant Messengers?
Michael Mattes asks: "I have been looking for a set of ports/subnets to block in order to disable instant messengers behind my firewall. While MSN is easy to block, ICQ is a little more difficult and it seems as though Yahoo Messenger is designed to do everything possible to not be blocked. I have been reading more and more articles showing companies choosing to block these tools. It seems irresponsible of Yahoo to leave, what appears to me, no choice but to block their entire domain in this situation. Any help would be appreciated."
It seems irresponsible of Yahoo to leave, what appears to me, no choice but to block their entire domain in this situation.
Insert economic dissertation here. Make it contain something about free markets, sellers providing goods that buyers don't have to buy and if the sellers don't want to sell a product that a group of buyers want, there is no compulsion for them to do so.
I completely agree that instant messaging has legitimate business uses
Now, granted, you didn't start this one, but you're perpetuating it (the entire rest of your post is about business use).. so I'll ask: _WHERE_ exactly did the submittor say that this is a business environment? (Hint: he didn't.) This could just as easily be a school as a business.
I have a strong dislike for system administrators like the submitter of the question, who seek to block things because everything must be under their control, instead of trying to determine what IM is being used for, perhaps by asking the users.
I have a strong dislike for people who can't open their mind, or assume that the Sysadmin is the one who came up with this.
First, if it's a school, IM should be shut down if students are using it - when I was in school, passing notes was against the rules; I doubt that's changed; so (if it's a school environment) why should the digitial equvalent be allowed?
Second, maybe it's not his decision - perhaps his boss (you know, the GUY WHO PAYS THE SALARIES) has decided that he didn't want IM on his network. So given that, what would you do? Say no? Good luck finding another job.
Third, how do you know that he didn't ask the users?
Fourth, you're pretty much an idiot if you think that the submittor "seeks to block things because everything must be under their control". If that were the case, he'd have a VERY strict firewall, blocking all outbound traffic except that which he wanted (probably web - through a proxy) and nothing else (outbound mail from his mail server), and this question would never have popped up.
"so I can read my personal/business email."
This is exactly the reason why things like IM are blocked at firewalls. because someone wants to read their PERSONAL/business email at work, when they should be working.
so what if you have lunch breaks when it is your personal time? if your PERSONAL/business email is that important, quit your job and work from home. quit whining and bitching about what your employer LEGITIMATELY blocks.
yes, I am a sys admin and maintain the firewall at work. however, I work for a government regulatory agency with no records subject to a Freedom of Information Act. There is a reason we restrict access through our network and why we lock down Internet access to only those ports and services required.
and before you get your panties in a bunch, No, we do not use IM at our agency since we have no reason to. if there was a valid reason, I would still investigate all security concerns before allowing it to be used, since I don't need any holes in my network.
and if you think you are so hot-shit at security, why don't you try hacking me? give 127.0.0.1 a try, moron....
I'm good with numbers -