At 02:14 PM 4/22/99 -0400, you wrote:
>I am having this same problem. What I have done is disable port 80. In
>return no one can use AOL. Is there away around this?
>
Wow, that is sort of drastic. And since IM is very configurable, it might
be useless (since they might be able to get out some other way).
I think what all of this is boiling down to is that the *firewall*
shouldn't be the limiter, it should be your *policy*. If you decide you
don't want to deal with IM then your policy should reflect that and inform
your users that if they run into problems you'll happily reload their
machine with the *required* software.
As for IM being a "security" risk, you can do some things to it (DoS,
AFAIK, but check around) but nothing "deadly". (I'm sure someone will
correct me :-) To me, AOL's IM is sort of bothersome since they designed
it to circumvent your firewall policy by running on port 80. (are those
black helicopters I hear?)
Phil
Phil Waterbury <[EMAIL PROTECTED]>
Network Security Lab Analyst
ICSA, Inc.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
