Step 1: The "easy, but stupid" approach

In the wrong hands, IM and P2P file sharing can be too much of a risk for your organization. There are many ways to block this traffic, but some are more elegant -- with fewer adverse effects -- than others. Contributor Serdar Yegulalp details this process in this step-by-step guide.

The most brainless way to stop IM/P2P clients is to block all Internet access except for ports 80 and 443. Theoretically, this should stop most P2P/chat software from working. The bad news is that many of these programs are by now smart enough to use ports 80 and 443 themselves to open links to the outside world (AOL Instant Messenger is one such program).

Ultimately, it's a pretty ineffective method and may do more harm than good. Many other legitimate services run on ports other than 80 or 443 -- FTP, for instance -- and it may not be practical to block such services for end users. A user might need to obtain a document from an FTP repository somewhere, and if it's unavailable because port 21 (the default port for FTP) is blocked, that'll be a source of frustration.
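The two failure modes described above, as an added example that is not part of the original article: Python code that applies the "80 and 443 only" rule to constructed flow records and reports what slips through and what gets blocked by mistake. The record format, the application labels and the sample port numbers are assumptions made for illustration.

```python
from collections import Counter

ALLOWED_PORTS = {80, 443}  # the Step 1 policy: every other outbound port is dropped

# Constructed sample records: "<app> <dst_port> <wanted>", where <wanted> says
# whether the organisation wants that traffic (yes) or is trying to stop it (no).
SAMPLE_FLOWS = """\
browser 80 yes
browser 443 yes
ftp-client 21 yes
aim 5190 no
aim 443 no
p2p-client 6881 no
p2p-client 80 no
"""

def parse_flows(text):
    """Turn the constructed records into (app, port, wanted) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        app, port, wanted = line.split()
        flows.append((app, int(port), wanted == "yes"))
    return flows

def evaluate(flows, allowed_ports=frozenset(ALLOWED_PORTS)):
    """Compare what the port filter does with what the policy intended."""
    counts = Counter()
    leaked, collateral = [], []
    for app, port, wanted in flows:
        passed = port in allowed_ports
        if passed and not wanted:
            leaked.append((app, port))        # IM/P2P riding on 80/443
        elif not passed and wanted:
            collateral.append((app, port))    # legitimate service cut off
        else:
            counts["allowed_ok" if passed else "blocked_ok"] += 1
    return counts, leaked, collateral

if __name__ == "__main__":
    counts, leaked, collateral = evaluate(parse_flows(SAMPLE_FLOWS))
    print("handled as intended:", dict(counts))
    print("unwanted traffic still passing:", leaked)
    print("legitimate traffic blocked:", collateral)
```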

If you're determined to block everything except the most legitimate ports, you can go to the IANA (Internet Assigned Numbers Authority) for a list of common and IANA-approved port assignments. Still, it might be better to think about a more sophisticated approach that doesn't require blocking specific ports.


Blocking IM and P2P

 Home: Introduction
 Step 1: The "easy, but stupid" approach
 Step 2: The "block the nexus" approach: IM
 Step 3: The "block the nexus" approach: P2P
 Step 4: The "block the application" approach


  • ABOUT THE AUTHOR:
    Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!

    Copyright 2005 TechTarget
    This was first published in January 2006
