http://blogs.technet.com/rclaus/archive/tags/Internet+Security+and+Acceleration+server+_2800_ISA_2900_/default.aspxTags: Internet Security and Acceleration server (ISA)en-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.technet.com/rclaus/archive/2005/03/23/401072.aspxWed, 23 Mar 2005 20:17:00 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:401072rclaus0http://blogs.technet.com/rclaus/comments/401072.aspxhttp://blogs.technet.com/rclaus/commentrss.aspx?PostID=401072<P>Speaking of recycled braincells,<A href="http://blogs.msdn.com/brucecowper/archive/2005/01/15/353488.aspx"> he also did a post on HTTP header filters </A>(found in the add-ins area of the console) that you can put in to block access to a number of programs you might not want to have running through your firewall.&nbsp; Applications these days can run through port 80 when you think you have them blocked by other means.</P> <P>On a personal note - I don’t believe it’s a good idea to block MSN Messenger / Windows Messenger / other messenger programs without assessing the impact shutting them off will have on your user community.&nbsp; Besides being an alternate method of communication to your clients and customers, these services provide valuable “presence information”.&nbsp; Looking for an in-house solution? Check out Live Communication Server and the new communicator client for a fantastic SECURE managed presence solution.&nbsp; I’ll be posting more information on these as I prepare for a show in Montreal with Dell around collaboration. </P> <P>What are YOUR thoughts on blocking access? Are you planning to implement a managed solution? Interested in learning more about LCS 2005?&nbsp; Post your comments in the FeedBack/Comments link at the bottom of this post.</P> <P>Here is a list of the recommended header filters for the various services you might want block from escaping your firewall. (see below)&nbsp; <BR>---------&nbsp;<BR>En parlent d’utiliser l’information que Bruce Cowper&nbsp;a déjà poster, j’ai vu <A href="http://blogs.msdn.com/brucecowper/archive/2005/01/15/353488.aspx">qu’il a écrit un post</A> au sujet “HTTP HeaderFilters” que tu peu utiliser pour “blocker” accès a les logicielle que vous n’aime pas laisser passer au par-feu.&nbsp; Les logicielles peuvent utiliser port 80 pour communiquer avec des services – non seulement les port standard qu’il utilise.</P> <P>Avant d’implémenter ces filtres, je veux faire le commentaire que je ne pense pas que c’est une bonne idée&nbsp; de « blocker » ces logiciels sans communique votre désir a vos usager. C’est un autre méthode qu’ils utilise a communiquer avec leurs clients et a partager leur « information de présence ».&nbsp; Est-ce que vous cherche un solution qui est géré par vous dans votre réseau? Regard « Live Communications Server » et le nouveau client « Communicator » pour une solution fantastique. Je vais faire un post avec plus d’information dans quelques jour après que j’ai compléter un présentation a Montréal avec Dell au sujet de collaboration. </P> <P class=MsoNormal><SPAN>Qu’est-ce que vous pensez au sujet de blocker les services de «&nbsp;chat&nbsp;» et «&nbsp;présence&nbsp;» comme MSN or Windows Messenger au bureau? <SPAN>&nbsp;</SPAN>Est-ce que vous recherchez un solution interne et gérer pas vous-mêmes? Êtes-vous intéresser d’avoir d’autre information a propos «&nbsp;Live Communications Server&nbsp;2005 ». <SPAN>&nbsp;</SPAN>Cliquez au lien «&nbsp;Feedback/Comments&nbsp;» à la fin post pour être entendu. <o:p></o:p></SPAN></P> <P>Voici une liste avec les filtres d’http pour les logiciels que vous désirez « blocker ». </P> <P> <TABLE class=MsoNormalTable cellSpacing=0 cellPadding=0> <TR> <TD> <P class=MsoNormal><SPAN>Application<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>Search in<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>HTTP header<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>Signature<o:p></o:p></SPAN></P></TD></TR> <TR> <TD> <P class=MsoNormal><SPAN>MSN Messenger<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>Request headers<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>User-Agent:<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>MSN Messenger<o:p></o:p></SPAN></P></TD></TR> <TR> <TD> <P class=MsoNormal><SPAN>Windows Messenger<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>Request headers<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>User-Agent:<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>MSMSGS<o:p></o:p></SPAN></P></TD></TR> <TR> <TD> <P class=MsoNormal><SPAN>AOL Messenger<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>Request headers<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>User-Agent:<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>Gecko/<o:p></o:p></SPAN></P></TD></TR> <TR> <TD> <P class=MsoNormal><SPAN>Yahoo Messenger<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>Request headers<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>Host<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>msg.yahoo.com<o:p></o:p></SPAN></P></TD></TR> <TR> <TD> <P class=MsoNormal><SPAN>Kazaa<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>Request headers<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>P2P-Agent<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>Kazaa<o:p></o:p></SPAN></P></TD></TR> <TR> <TD> <P class=MsoNormal><SPAN>Kazaa<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>Request headers<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>User-Agent:<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>KazaaClient <o:p></o:p></SPAN></P></TD></TR> <TR> <TD> <P class=MsoNormal><SPAN>Kazaa<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>Request headers<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>X-Kazaa-Network:<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>KaZaA<o:p></o:p></SPAN></P></TD></TR> <TR> <TD> <P class=MsoNormal><SPAN>Gnutella<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>Request headers<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>User-Agent:<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>Gnutella <o:p></o:p></SPAN></P> <P class=MsoNormal><SPAN>Gnucleus<o:p></o:p></SPAN></P></TD></TR> <TR> <TD> <P class=MsoNormal><SPAN>Edonkey<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>Request headers<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>User-Agent:<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>e2dk<o:p></o:p></SPAN></P></TD></TR> <TR> <TD> <P class=MsoNormal><SPAN>Morpheus<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>Response header<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>Server<o:p></o:p></SPAN></P></TD> <TD> <P class=MsoNormal><SPAN>Morpheus<o:p></o:p></SPAN></P></TD></TR></TABLE></P><img src="http://blogs.technet.com/aggbug.aspx?PostID=401072" width="1" height="1">Internet Security and Acceleration server (ISA)