Messengers restriction by ISA………………..

265 pts.
Tags:
Firewalls
Forensics
Incident response
Intrusion management
Network monitoring
Network security
Networking
VPN
Wireless
Hi, Here is my configuration: In Router I set denny any to any by UDP, The Default GateWay is Router for every body, In IE I set the address of ISA with port 8080 as proxy for all users, I don't have any rules for messengers, A.Now when I set in yahoo messenger NO Proxy it connects!!! B.When I set Firewall with no proxies and use proxies it doesn't connect!! C.When I set use proxies it doesn't connect!! I wrote an access roule for every http *.messenger site and Allow it for evrybody but again in third setting (C) it doesn't connect!! I don't know why : 1)when I set proxy in Messenger without any denny rule it couldn't connect!!? 2)How can I restrict any messengers with ISA!!!? and another question: Why Isa show the username of some of the users but not every users in Session Monitoring? Could you please help me? Thank you. ---- Regards Mahnaz
Asked: Last updated:
Related Questions
1

Answer Wiki

Thanks. We'll let you know when a new response is added.

Hi,

I wasn’t sure of the answer so I asked a friend of mine and here is his answer:

Here is an article for how to block instant messengers with ISA:

http://www.isaserver.org/tutorials/How_to_Block_Dangerous_Instant_Messengers_Using_ISA_Server.html

The way that IE works by default even with using a proxy enabled is to send the request as anonymous first. This is also true of the firewall client if it is installed. It will send the source IP address instead of the username. So if you are looking at the sessions for the Web service and see anonymous connections or the Firewall service and see IP addresses you can right click on the array member and choose the checkbox that says “Ask unidentified users for identification”. This will require all connection attempts to authenticate before going outbound through the isa server. You can see this activity happening if you do a netmon capture and see the packets moving tofrom the client and server. The client will send the request and the ISA server will respond back authentication required – 407 and then the client will respond back with the proper credentials that has access. I hope this helps.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Komlink
    To Restrict MSN messegner you can do so by group ploicy from your domain controller. For the other applications if you truly want to control them, you need to have a layer 7 device which is blocking these applications. There are several UTM products around these days which can do the job.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: