From: Santi (ccie@texas.net)
Date: Fri Jan 25 2008 - 20:45:11 ARST
Below won't work. Too many legitimate reasons for using port 443 (SSL). Using
a web filtering tool such as WebSense or BlueCoat will block Google Talk
specifically and just about any other messaging tool more effectively. But
it is not 100%. It will not stop there. There are issues with other
messengers that will connect to Google Talk, not to mention, using
SSH (PuTTY) and proxy servers to hop from, by using TOR. You will want to
look for TOR activity on Snort and in your firewall logs. You can go to a
site that will list all known TOR servers. Block those IPs as well. Not
just Google servers. Look for Meebo servers and so on.
Other things that should be done are locking down the desktop and
restricting access for installing programs. I.E., using very tuned
baselines.
Your company must have policies in place that have the bite to kick someone
in the gut, when they use any of the tools for bypassing security or
programs that are unauthorized. I.E., nailing contractors and soldiers for
using TOR. Contractors lose their contract, soldiers get an Article 15 or
worse, depending on what they have done to try to bypass security.
Bottom line is that without effective policies for smacking the crap out of
someone for risking the corporate network, all you have is due diligence,
reporting/recording, and washing your hands of it.
This is from experience in filtering content for the military in Iraq.
Santi
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Radioactive Frog
Sent: Thursday, January 24, 2008 7:44 AM
To: Vinu
Cc: Cisco certification
Subject: Re: How do i block google talk on a Firewall ?
Just block below ports...
* What ports does Google Talk require? *
If you're having trouble connecting to Google Talk through your firewall or
proxy, it may be because some necessary ports are blocked.
In order to connect to Google Talk and start sending IMs, you'll need to
enable TCP connections to talk.google.com on port 5222, or on port 443.
If you'd like to make calls or transfer files through Google Talk, you need
to:
- Enable UDP connections to anywhere on any port; or
- Enable TCP connections to anywhere on port 443.
If you're behind a public or corporate network that is blocking these ports
or protocols, please contact your local network administrator for further
instructions.
<http://www.google.com/support/talk/bin/answer.py?hl=en&answer=27930#>
This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:38:01 ARST
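The log review suggested in the reply above (match firewall log destinations against a list of known TOR servers, and flag the Google Talk client port 5222 from the quoted help text while leaving ordinary port 443 traffic alone) can be sketched as follows. This is an added example, not code from the thread: the log layout, the addresses (documentation ranges), and the names `load_networks` and `review` are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample data: documentation-range addresses stand in for a
# downloaded list of known TOR servers and for real firewall log entries.
TOR_SERVERS = """\
# one address or CIDR per line
198.51.100.7
203.0.113.0/28
"""
FIREWALL_LOG = """\
2008-01-25T20:01:02 ALLOW TCP 10.1.1.20:51000 -> 192.0.2.10:443
2008-01-25T20:01:05 ALLOW TCP 10.1.1.21:51001 -> 192.0.2.55:5222
2008-01-25T20:02:11 ALLOW TCP 10.1.1.22:51002 -> 198.51.100.7:9001
2008-01-25T20:02:40 ALLOW TCP 10.1.1.22:51003 -> 203.0.113.5:443
2008-01-25T20:03:00 DENY TCP 10.1.1.23:51004 -> 192.0.2.99:80
malformed line that the parser must skip
"""
# Assumed log layout: timestamp action proto src:sport -> dst:dport
LINE_RE = re.compile(r"^\S+ (?P<action>ALLOW|DENY) (?:TCP|UDP) "
                     r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")
XMPP_CLIENT_PORT = 5222  # port named in the quoted Google Talk help text

def load_networks(text):
    """Parse a list of addresses/CIDRs, ignoring comments and blank lines."""
    entries = (raw.split("#", 1)[0].strip() for raw in text.splitlines())
    return [ipaddress.ip_network(e, strict=False) for e in entries if e]

def review(log_text, tor_nets):
    """Return (action, src, dst, dport, reason) for each line worth a look."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed layout
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # digits and dots, but not a valid IPv4 address
        dport = int(m["dport"])
        if any(dst in net for net in tor_nets):
            # Matches the list regardless of port, so TOR over 443 is caught.
            findings.append((m["action"], m["src"], m["dst"], dport, "tor-server"))
        elif dport == XMPP_CLIENT_PORT:
            findings.append((m["action"], m["src"], m["dst"], dport, "xmpp-5222"))
    return findings

if __name__ == "__main__":
    print(*review(FIREWALL_LOG, load_networks(TOR_SERVERS)), sep="\n")
```

The plain port 443 connection to an unlisted address is not flagged, which is the limitation the reply describes: destination lists and port 5222 are reviewable in firewall logs, while Google Talk over 443 needs the web filtering layer.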