In my department we have installed Windows guard software by Cetus software called Stormwindows. There are many other software products which do the same function.
This allows us to lock down most of the functions of the Win95/98/ME PC so that the user may not install most software packages that update the registry. Although not 100% perfect, some packages such as Yahoo IM can operate without registry entries, if reg merging is unsuccessful. We found this out the hard way. It does cut down on most tampering and installation from typical users. Also, if they succeed in installing their favourite APP, they cannot remove it, and we can see their icons and follow appropriate actions. Just a suggestion. This has decreased our workstation reloads by 80% over the past 2 years. - Chris Payne On Tue, 12 Mar 2002 19:38:03 -0500 (EST), Johannes B. Ullrich wrote: >[EMAIL PROTECTED] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > It is virtually impossible to block them with a firewall. Maybe a firewall is the wrong way. How about using an IDS? The basic idea: - - Define and publish a company wide policy outlawing the use of Instant Messengers. - - Use an IDS to monitor if the policy if violated. The other problem you are having is users installing software. Something that has to be eliminated if you try to run a secure network. - -- - ------- [EMAIL PROTECTED] Join http://www.DShield.org Distributed Intrusion Detection System - - Chris Payne Network Administrator Physical Resources Dept, University of Guelph (519)824-4120 x2882 [EMAIL PROTECTED]
