Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blocking Instant Messengers?

Posted by Cliff on from the back-to-email-for-ye! dept.

Michael Mattes asks: "I have been looking for a set of ports/subnets to block in order to disable instant messengers behind my firewall. While MSN is easy to block, ICQ is a little more difficult and it seems as though Yahoo Messenger is designed to do everything possible to not be blocked. I have been reading more and more articles showing companies choosing to block these tools. It seems irresponsible of Yahoo to leave, what appears to me, no choice but to block their entire domain in this situation. Any help would be appreciated."

4 of 146 comments (clear)

  1. Re:dont block entire domain by Stinson · · Score: 5, Informative

    whoops, my bad...not login, but scs.yahoo.com, port 5050...if you just block that then they cant log on

  2. Depends on your ultimate network design by mfos.org · · Score: 4, Informative

    The question is not so much what do you want to block, it is what do you want to allow.

    If all you want is to give access to the web and maybe e-mail. A proxy will do that for you. Squid is nice. That way you only let internal machines connect to other internal machines (i.e. the proxy).

    If that doesn't work just firewall all outgoing ports but the ones that you want (80 for web, 25 and 110 mail, 21 ftp, etc...)

  3. Re:usefullness? by duffbeer703 · · Score: 5, Informative

    The problem is many businesses, such as Healthcare, Insurance and Financial Services have mandatory federal data retention and auditing guidelines that they must meet.

    If communication between employees about a client is made via IM, not only is it insecure, but it is not logged or otherwise recorded anywhere. Without a paper trail, the company cannot defend itself against lawsuits or regulators.

    --
    Conformity is the jailer of freedom and enemy of growth. -JFK
  4. What's the concern here? Security or productivity by andy@petdance.com · · Score: 4, Informative
    I have been looking for a set of ports/subnets to block in order to disable instant messengers behind my firewall.

    What's your goal? What are you trying to accomplish? Are you concerned about security? Then make it known as a security issue ("Don't open IM file attachments").

    But if this is a management issue, where you're concerned about productivity, don't waste your time and money.

    People do not need technology in order to waste time and be unproductive. If some people are being unproductive because of AIM, they'll go be unproductive on the web. If you block the web, they'll go to email. If you block the email, they'll doodle. If you take away the paper and pencil, they'll get up and talk to the guy next to 'em about last night's game.

    Management issues should not be "solved" with technology.