Slashdot Mirror
Blocking Instant Messengers?
Michael Mattes asks: "I have been looking for a set of ports/subnets to block in order to disable instant messengers behind my firewall. While MSN is easy to block, ICQ is a little more difficult and it seems as though Yahoo Messenger is designed to do everything possible to not be blocked. I have been reading more and more articles showing companies choosing to block these tools. It seems irresponsible of Yahoo to leave, what appears to me, no choice but to block their entire domain in this situation. Any help would be appreciated."
Catch someone using an IM, have them written up for some trumped up violation.
If you're anal enough to want to block the IMs in the first place, why not go whole hog and just implement a policy?
I have been pwned because my
Instant messengers have significant legitimate uses.
For instance, in my organization, we use instant messaging to communicate about projects without leaving our workspaces, which can lead to further distractions and reduce productivity.
Blocking all instant messaging would, in my mind, be akin to blocking all email. What really ought to take place is a formal policy about non-work use of IM. In my experience, reducing communication ability is never a good thing.
*everything* is Orwellian to cats.
You're trying to do what? Not allow users to one resource on the net, but allow them to others. It wont work. If I can buy a book from Amazon, I can connect SSL to most anywhere and proxy anything I want over that (I am proxying VNC/SSH/HTTP/SSL right now through an extremely restrictive firewall so I can read my personal/business email.).
Would it be easier to replace the workers who are abusing their net privleges with better workers or software than to try to constrain them into a position where they can only do work? (Maybe I'm not the one who should be promoting this...see above activity.)
Joe
Joe Batt Solid Design
Trying to block communications technologically is attacking the problem at the wrong level. Instant messaging can be a great benefit to work for alot of people, because it allows for a very quick exchange of information. He can ask an old co-worker for help or his ideas on a problem, or his wife can tell him to stop and get milk on the way home. If the worker doesn't have IM, he'll probably just use email or a phone anyway - and it sucks up a lot more time to write a full email or make a phone call than it does to IM "MathWhizz42" with "What's 2+2?".
If your users really shouldn't be using IM, it's time to just pay attention to what they're doing on the job. If they skip out on work to chat on IM, they're probably quite likely to be blowing time reading Slashdot or playing Hearts, too.
Employees are alot like kids - don't try to install all kind of technological gadgets to try to stop them from doing things - they'll always find a way around it. Try just paying attention to them directly instead. Employees are not "set it and forget it" things.
-Andrew
which says "don't use instant messengers". The rest of the equation depends on why you want to block IM. If you're worried about information leakage, then you need to shut down everything and just allow logged proxy access.
Because private comms is going outside your company and could possibly be open to sniffing by the IM host. _IE company confidential material if leaving the company network in clear text.
Of course should you wish to run the IM server 'in-house' you don't havbe these data privacy concerns.
Set up a company policy - No unauthorised software.
Make damn sure that IM software isn't authorised, and run regular audits on the software installed on employees PC's.
Harsh, but fair. If the company policy specifically states that something cannot be done, then it's up to the employee to behave themselves. Given the current state of IT-based employment, I'd imagine people would want to hold on to their jobs.
"Why did they cancel my favorite Sci-Fi show? I downloaded ALL the episodes!"
I completely agree that instant messaging has legitimate business uses - as a programmer, one of the first questions I ask new team members is what their IM name is. I have a strong dislike for system administrators like the submitter of the question, who seek to block things because everything must be under their control, instead of trying to determine what IM is being used for, perhaps by asking the users.
Just like the Web, or email, IM can be used for personal use - surprise!! That's why you set policies in the workplace. But my team uses it for quick conversations without leaving each other's desks. Like email, it's asynchronous, except the conversation flow is much more natural, instead of the >>>>>> indentation of emails that have been replied back and forth too many times.
IM is also the best indicator of whether someone is there - with email, you have no idea. You may go to a different floor, just to find out the person you needed to see has stepped out, and calling them on the phone every time is obnoxious. IM allows you to have different simultaneous conversations. The advantages go on and on.
As for Microsoft integrating it into the next Office suite, the above poster is partially right. Microsoft has already recognized that businesses have a place for IM and has added the Exchange 2000 Instant Messaging Service in their latest email server.
Please subscribe to see the more insightful version of th
As a lead architect, I find IM to be exceptionally annoying. I refuse to use it. If my programmers are too lazy to get off their fat asses to ask questions in person, most likely the question is of the variety, "I don't want to think for myself, what's the answer?"
Use it for "quick conversations without leaving the desk?" Have you heard of this wonderful invention by Antonio Meucci called the telephone? Most people I know and work with have one of these things.
Brought to you by the fine people at Folgers Crystal Meth Labs
For instance, in my organization, we use instant messaging to communicate about projects without leaving our workspaces, which can lead to further distractions and reduce productivity.
...-..-...." picks yours up?
You discuss company-sensitive information over a plaintext protocol on the Internet?
Do you do your banking that way too?
Can I have your Social Security Number right now, or should I just wait until "ngrep -i
If you're going to use IM, at the very least set up an internal server and connect to that. Otherwise, you're dumb.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
Sending a message from one employee to another using one of the standard IM systems (ICQ, Y!, AIM, MSN) sends messages to an outside server by design. Sending message from one employee to another should keep the message inside the local network (unless the company has an unusual setup for their mail servers, or if they use third party email servers). In this case, email is private, doesn't go outside the company, and isn't sniffable by third parties.
--Be human.
You block Instant Messenger Exactly the same way you block innappropriate phone calls and abuse of the company's internal mail system. You make a company policy that says "don't do this bad thing", and then your managers enforce the policy using exactly the same methods they use to enforce all the other policies.
You can find all sorts of technical solutions for social problems, but they usually cause more trouble than the problem you're trying to solve.
You don't need a course in "FireWall 101." You need a course in "Business Management 101." It's a pretty good bet you won't find any help on SlashDot for that.
Slashdot is jumping the shark. I'm just driving the boat.
I thought ICQ, at least, supported encrypted communications of some sorts.. that would prevent simple sniffing..
Morphing Software