OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
RE: [Snort-users] Chat/IM

From: Joe Thompson (jttechforless.com)
Date: Thu Apr 15 2004 - 11:01:50 CDT

>
> Does anyone have an effective way of blocking chat/IM?

We've used a combination of blocking the login servers and strict
blocking of ports above 1024 for users that do not need outside access
other than 80/443. We've got it a bit easier having our mail and DNS
servers onsite as we can plan our infrastructure around it.

Blocking login servers is a constant pain, and requires a bit of work.
In the end I just used domain policy to restrict the applications
themselves. Every so often someone manages to get a client up, but that
is just as easily fixed by our detection and strict written policies
from management.

I've noticed that rarely is written policy enforcement and management /
leadership brought up when it comes to security topics. This is
something I think needs to be addressed in all instances, it's a much
more effective strategy overall, especially when combined with good
monitoring.
--
Joe Thompson
Tech for Less, Inc.
719-886-8000 Ext. 236 (office)
719-287-9358 (mobile)

Message Signed with GnuPG (www.gnupg.org)

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.1 (GNU/Linux)
 
mQGiBEBx8s4RBACWKlS2hpsYNhgf/uxPIb1x6k6s5gDGJukB//pr4jcMEgBsJ8j2
szoP/49j3y1xKmExn8R2jC2zCnDKymW4cGrmPts+/DsXiRzwDgP2mHBmh27MEXUX
RkoP5R6IBE7PrRWPJMPpx8F5Eiynx9Ng/eWd77snyWTY1evdpFcrqSAL1wCgiopL
NyyEuohqvcY4+HFXIIWgIu0D/3n9IXmD3+C3w5AfmMhtYvq8IGNVoVBzG+cEPbuY
cYjJMBrj+SCIQ++UnQPK3noQCymCozWQpM/ZEjVWdo0oAUSAdOlMaDs/3zgU0sTz
+PYDpxNQGbmFSOSXQ+nMrY6GFlhQCIPpXtMKUoXWjUijJOwaXbXWhMnjYLs3cW/+
FTJAA/9J4qon+Rp3EtWOq7huIJPW5UFMpjrJg+ajWpwNn5N0loLNRbXompguUGe5
yQAUbrffWXWB2HO/0BKEO4LcV5D1o10X7fgk7oRCZlSRCGb0HwBKPohKgRtEv3FX
fR5GF8c1FYjaZE4obtneo2WVOY6nHekDJjR/6gevq8TOiZDad7QhSm9lIFRob21w
c29uIDxqdEB0ZWNoZm9ybGVzcy5jb20+iFkEExECABkFAkBx8s4ECwcDAgMVAgMD
FgIBAh4BAheAAAoJEKOxnfEz8MR3bnMAnjnf9x0O6ynKSYYU6mpCPCF2bePBAJsF
8TXdm6BM56MqUP9IK+8UG61Wx7kCDQRAcfLdEAgAhI2ehwKO/AqkI1aJ8WyjEdiX
yGHUJrr+i3amgi0YVvtVwQU46Tu8OI+WMbl9M6JMOCoTKv5Oq6rD2wHDVLOBygfl
S2HY8fuYWZkLVxJlZtTqC0r7Xc2qwPiDGrRxdNDz7fgMRVopWLO6s5IlYVkUBAJt
TAF99PdiX5BVzFHQvloAulKiIbcFCkK7G9Y3Mgt297zItDyCMRaZCaVV7fcWNozP
oRjHLMjFCDLzpRXlNhOVDQxbAkLWJpoDOujcYStXxYQ8BCsG1opfsfKohD3tIkNc
SK5bY7LmNhFwHAf+HDDpTwC4LcQXugsPiixFRqodRIA2NwHidDarKW0YyzagewAD
BQf9Ee1AZ4rv9FquuF56UOgB2N4LZtKwxrIqYg+UueUXmX0qm8RRVpKX41cSR/jL
1IwkCNE3f69HhxYGPkRT1ttGlldOf6xHj82nJGN5CKuy4KBPsqS4478mPi1d1biS
o7qG9EgxyM1ga5q3wlSY9omzn6exDDY45i3sxaHeUjmOU0rlFOUJNpqgQ83TEQTa
1uEsVnnk+O4PBNZiWhvhZ38jab333UUNEiv69yEW1AMc4rQm+LxS3uWqablM+8gZ
Bt5D1qUZaa+DoQv72wolvsbIZg2wxCsbFlI6FrkHBHXkN4NVL8/Hpc7qcr613cOA
0MgVs6MXQD0y7eQkCH10549QTIhGBBgRAgAGBQJAcfLdAAoJEKOxnfEz8MR3nocA
n0lhxI76ZB7V06J1Xt1ix2e2vt6aAJ9sBV/aD4v64BwRJjjxloTqBVAWjg==
=kIbN
-----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQBAfrHso7Gd8TPwxHcRApXkAJ9/ogHYzKOm3dUvpW6xtI3ouaUqcACfXXfV
uGvi4Wa/pcn9CMri4nFZUMY=
=h9oS
-----END PGP SIGNATURE-----

-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users