Blocking access to an IM network

Article:HOWTO54044  |  Created: 2011-06-06  |  Updated: 2011-06-06  |  Article URL http://www.symantec.com/docs/HOWTO54044
Article Type
How To


Subject


Blocking access to an IM network

You can create a policy to determine which IM networks that members of a particular group can access. You can also enable or disable file transfers and extended features for each IM network to which you allow access. Most IM clients provide extended features that allow IM users to communicate with each other by a means other than IM, such as audio or video. Extended features also include such features as application sharing and games. If you do not want your IM users to use these features, you can disable them. You can also send a notification to an IM user who attempts to use an extended feature that is disabled.

You can view the connection status of each IM network that you support from each Scanner that is in your corporate network.

See Viewing the connection status of your IM networks.

Symantec Messaging Gateway is installed with a default Network Access Control policy that allows access to the following public IM networks:

  • AOL

  • Yahoo IM

  • MSN Messenger

  • Google Talk

This policy also enables file transfers and extended features for each IM network.

You can configure Symantec Messaging Gateway to block access to an IM network that you do not support. When you block access to an IM network, each IM filtering Scanner is prevented from connecting to that network's public IM network servers. IM users that attempt to sign on to a blocked IM network are notified by the IM client that the connection attempt failed.

If you block access to an IM network on which IM users are currently signed on, those users remain signed on until they purposely sign off.

Note:

Before you create a Network Access Control policy, you must first create any notifications that you want to select for that policy.

See Creating policy violation notifications.

Note:

When you block access to an IM network, you prevent your IM users from signing on to that network from their client workstations. However, some networks allow their users to sign on by using a Web-based IM client that is available on that network's public Web site. IM conversations that occur in this manner are not directed through Symantec Messaging Gateway; instead, they are directed through your corporate network, and may therefore pose a security threat.

To prevent unauthorized IM conversations, you must block access to Web-based IM clients. See the Symantec Messaging Gateway Installation Guide.

To create a Network Access Control policy

  1. In the Control Center, click Protocols > Instant Messaging > Network Access Control.

  2. Click Add.

  3. In the Policy name box, type a name for this policy.

  4. Under Enabled Networks and Features, check each IM network that you want to enable for this policy.

    If you enable an IM network, file transfers and extended features are automatically enabled for that network.

  5. (Optional) Under each IM network, uncheck File Transfers if you want to disable file transfers for that network.

  6. (Optional) Under each IM network, uncheck Extended Features if you want to disable extended features for that network.

  7. Under Actions, check If a blocked network feature is detected send the following notification if you want to send a notification to an IM user who is blocked from sending a file or using an extended feature.

    This option is only available if you disabled extended features for one of the IM networks.

  8. Select a notification from the Notification drop-down list.

  9. Under Apply to the following groups, check each group to which this policy applies.

  10. Click Save.


Legacy ID



v9133952_v58306712


Article URL http://www.symantec.com/docs/HOWTO54044


Terms of use for this information are found in Legal Notices