KevinBeaver
7385 pts. | Jun 29 2009 5:33PM GMT
I can say that, based on what I see in my security assessment work, admins try to block, users find a way around it, admins write the policies (big mistake), no one knows about them, and the cycle continues. It’s a never-ending battle.
JennyMack
3205 pts. | Jun 30 2009 2:12PM GMT
Technochic: That makes sense; I know many organizations that put a ban on the installation of any programs by the end user. Though it seems harsh, when it comes down to it, it is a work machine.
KevinBeaver: That does sound like a never-ending battle. How do users find a way around it? Does your org have in place installation blocks like Technochic’s does?
Robert Stewart
1810 pts. | Jun 30 2009 2:48PM GMT
Any peer-to-peer application, which most IM apps have, can be unsafe for any network. Use a comm server as mentioned above for a workplace network, and by all means limit access to IM to only internal users.
I really think we continue to get asked to support some crazy stuff. Yes, IM is faster, but really, can't email work in most instances? Really, it is getting ridiculous. There are rules in engineering and also network design and infrastructure. The first law of engineering is “Keep it simple, stupid”. Sometimes I really miss the good old bulletin board days, lol. We are starting to realize in more ways than one that less can really be more.
12345rrr
10 pts. | Aug 31 2009 5:26AM GMT
There are some UTMs that allow you to control your in-and-out traffic very efficiently, like ideco gateway.
You can set all kinds of restriction rules per user, per group and more. It's also a firewall and mail server etc.; however, it requires a dedicated server.
So yeah, this is what I chose for my network of 100 workstations and I can recommend it too. The price is competitive compared to alternatives with such functionality.
KevinBeaver
7385 pts. | Sep 24 2009 5:55PM GMT
Pardon my delayed response. I don’t use it in my own organization (I’m a one-man shop) but I do see and hear about users at my client sites changing the ports, using proxies, etc. in their IM software to get around firewall and content filtering controls. They can use proxies or anonymizers to get around specific web site filters as well. Or, they just hop onto their cellular air card or an unprotected wireless network (either in-house or someone else’s) that allows this type of access. The best way to control such access is at the desktop level using application blocking via Windows policies or third-party endpoint security applications.
It’s a game of cat and mouse that’ll probably never go away - especially given that management is typically out of the loop on this.






