Ditto. Get a written policy established first, and unless you're dealing with schoolage kids, a few rumors spread about the internet access being logged should deter most (and syslogging isn't that hard). The rest, well their managers can deal with when presented with the logs. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Chuck Larrieu"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Indeed this has come up regularly. I remain skeptical that placing the > burden for enforcing policy such as this lies with the firewall and the > firewall administrators. > > OK, so you block Napster and AOL. Now then, what about E-trade? Yahoo? > Merrill Lynch, Dilbert.com? not to mention the various picture sites that so > many disapprove of. How about all the radio stations people are listening to > over the net? > > Now, what happens when some person or business unit has a good business > reason for accessing AOL or other sights that you are blocking on your > firewall? > > I'm talking to the wind, I suppose, but my first question when this topic > comes up, is "what is the written policy regarding internet access?" the > second question is "will management pay for what it requires to accomplish > this policy?" > > But relying on port blocking, or address blocking, or domain name blocking, > on a case by case basis seems a bit shortsighted. > > JMHO > > Chuck > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > Keyur Lavingia > Sent: Monday, April 23, 2001 12:41 PM > To: [EMAIL PROTECTED] > Subject: RE: Blocking Napster and Aol on Pix config/Setting up Tacus or > [7:1639] > > This has actually come up again in the discussion. If u want to block AIM > outgoing from ur network, u should try to block the IP Addresses of the > login server of AIM which is "login.oscar.aol.com" The AIM App is designed > to scan for ports other than 5190 to login to the server, so port blocking > will not work always. > > Sincerely, > > KEYUR LAVINGIA > Network Engineer > Peak XV Networks > San Ramon, CA 94583. > W - 925.242.7492 > C - 925.699.8855 > [EMAIL PROTECTED] > www.peakxv.net > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 23, 2001 11:12 AM > To: [EMAIL PROTECTED] > Subject: Re: Blocking Napster and Aol on Pix config/Setting up Tacus or > [7:1629] > > > Just a note, that people can shoose other ports to get to the AIM services. > > > ""Kevin O'Gilvie"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Before I ask this question I would like to give something back, below is > the > > config to block aim and napster: > > > > access-list acl_out deny tcp any any eq 5190 > > access-list acl_out deny tcp any any eq 8875 > > access-list acl_out deny tcp any any eq 7777 > > access-list acl_out deny tcp any any eq 6699 > > access-list acl_out deny tcp any any eq 8888 > > access-group acl_out in interface inside > > access-list acl_out permit tcp any any > > access-list acl_out permit ip any any > > > > > > Now I would like to setup a Tacus+ or Radius Server on My network I have a > > widows 2000 domain and I am unsure of how to do this. Please advise. > > > > TIA, > > > > Kevin > > _________________________________________________________________ > > Get your FREE download of MSN Explorer at http://explorer.msn.com > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=1670&t=1670 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
