I work for a small company of about 250 people at 10 different sites in a small region. A new policy just came down preventing the use of IM's and management wants me to monitor who is using it and to prevent them from doing it. I don't necessarily agree with this as I know some employees use MSN effectively in dealing with customers, but it's not under my control. With the million other projects going on, there is no way I can keep up on this on a workstation specific basis. I'm still entry level IT and I have a few questions. We run on MS Server 2003.
1. How does your business address IM?
2. How does IM work? I blocked ports but this doesn't seem to work. Does it run through proxy?
3. Is there a way to limit how MSN is used? Is it possible to prevent file sharing, yet allow chat?
4. What have you done to not allow IM?
Thanks!
2006-07-12 06:03:58 · 7 answers · asked by Me 4 in Computers & Internet ➔ Security
Blocking the ports doesn't work. Apparently IM uses the most common ports. For example, I blocked port 80 where most traffic was going through, and it simply changed ports.
Taking away the ability to install software and uninstalling MSN would work, but they can still access internet sites that allow you to login to your IM account. These web sites are all over the place making it almost impossible to block all of them. Right now we'll just block what we can and uninstall MSN. I wish we could just cut off internet completely but it isn't realistic given the nature of our business.
2006-07-13 10:31:57 · update #1
You could do different things.
1) Block all the ports the IM program uses on your firewall. That should prevent them from working if done correctly.
2) Uninstall the IM s/w from each user's PC and then take away their local rights allowing them to install s/w so they can't put it back on.
2006-07-12 06:09:20 · answer #1 · answered by DiRTy D 5 · 0⤊ 0⤋
We address IM by using our own tool called Louts Notes SAMETIME or LOTUS NotesBuddy as a means of communication across our widely disperesed organization. Our tool can log into AOL IM concurrently but why? The IM tool in our organization is a major distraction and causes people to feel a false sense of urgency when items come up. I can often be dealing with 5 to 12 IM sessions and have no time to deal with EMAIL or phone calls. I wish we did not have it as it causes great frustration.
I am truly not able to address your questions 2 and 3, just dont understand enough of our IT infrastructure to be able to answer. In looking at #4 though, you could take a procedure approach. In looking at things from a procedure standpoint in the employee manual you can make clear statements about internet sharing tools which give others "IN ROADS" to the company network and conducting personal business on compnay time. In looking at a procedure or conduct statement in the employee manual, from this perspective, you have grounds for disciplary action if IM tools are found on a persons PC. In other words if found on a persons an organizations PC Computer Usage policy and Network Securtiy policy have been violated. Additional statements may specifically required stating that "NO IM tools (AOL, YAHOO or others are allowed to be installed on the PC).
2006-07-12 13:15:46 · answer #2 · answered by aquavita@sbcglobal.net 2 · 0⤊ 0⤋
How are they accessing the Internet? If it all goes through a proxy then you can block the apps or block the sites needed to use the apps with the proxy server that is providing access.
Either way blocking the IM apps or traffic at the point of Access is the only way to do it practically. This is why I prefer to use a single Linux machine to provide access to give me control over who and what goes through my network...never trust WinBlows
2006-07-12 13:15:51 · answer #3 · answered by Perry L 5 · 0⤊ 0⤋
I know most companies use logging from a firewall. All IM, websites are all logged. There is a lot of software out there that can make reports in real time of what a user has done. Who they are chatting too and sites visited. I think most managers create these reports on employees and put them in their personnel files in case they need to let them go for some reason. They will have plenty of ammo already built up.
Also there is software that lets managers view a person's live desktop to watch what they are doing without them knowing. They can take screenshots to save later.
2006-07-12 13:09:09 · answer #4 · answered by Fantasy Girl 3 · 0⤊ 0⤋
Answer to 4) You can block the application running by editing the group policy software restrictions.
2006-07-12 13:06:26 · answer #5 · answered by Anonymous · 0⤊ 0⤋
You have 250 people distributed over 10 sites and no one can IM??? That makes no sense. Does your boss have pointy hair?
2006-07-12 13:05:58 · answer #6 · answered by Anonymous · 0⤊ 0⤋
If we use it we will be fired.
2006-07-12 13:06:33 · answer #7 · answered by Unique 4 · 0⤊ 0⤋