[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [suse-security] hotmail messager




> -----Original Message-----
> From: Sturgis, Grant [mailto:Grant.Sturgis@xxxxxxxxxxxxxxxxxx]
> Sent: 29 January 2004 22:57
> To: Frédéric Poulet; suse-security@xxxxxxxx
> Subject: RE: [suse-security] hotmail messager
>
>
> To block MSN Messenger (what you are calling hotmail messager),
> you must either know all the IP addresses that MS will use for
> this (all of loginnet.passport.msn.com) and be willing to change
> them every time MS makes changes (which is frequently) or you
> must use an HTTP proxy.  Other options include other application
> firewalls, but we can ignore them for now.
>
> Do you let all your clients surf the web directly?  If so, then
> you probably will have to opt for the blocking of all the IP
> addresses.  Please note that this will also break Hotmail and any
> other Passport related websites.
>

One question is obvious:
Are your users subject to a (computer) Acceptable Use Policy (AUP) as
part of a contract of employment?

If so, and if the restriction of Hotmail Messenger access is a rule set
down by management, ask your manager about the possibility of using the
AUP to impose a withdrawal of web access for any employees found to use
Hotmail Messenger (or similar). Tell employees this is happening, and
that you're monitoring network access for abuse of the AUP, and then
enforce it a few times to make a hint that you're serious. At all times
make sure you're not breaking any privacy laws (or reasonable expectations).

I've magnificently failed to restrict MSN (etc.) Messenger access by IP
restriction, as the ports change too frequently, so I started to crack
down on users. It was _NOT_ a popular move, but it was a reasonable
request from my boss so I did it...

Tom.


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here