P2P file transfer in the enterprise does carry security risks. Viruses and Trojans may get past the enterprise firewall into the internal network, and important enterprise information or data may leak to the external network. Many enterprises therefore prohibit P2P software from transferring files while leaving messaging itself unaffected. Here I will show how to prohibit file transfer over MSN.
If users are allowed to use only Windows Messenger, and not MSN Messenger, file transfer through MSN can be blocked.
After analyzing the two programs, I found that both Windows Messenger and MSN Messenger use TCP port 1863 when logging on to the .NET account, but the ports used for file transfer differ.
Windows Messenger uses TCP ports 6891-6900 and UDP ports 5004-65535. MSN Messenger still transfers files over TCP port 1863. So I thought of letting users use only Windows Messenger and then simply closing TCP ports 6891-6900.
Preventing users from using MSN Messenger is difficult, but there is still a way to achieve it.
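The port analysis above, as an added example that is not part of the original article: a simplified first-match port policy showing that closing TCP 6891-6900 stops Windows Messenger file transfers while MSN Messenger transfers on TCP 1863 still pass. The rule names, the helper functions and the sample flows are constructed for illustration and are not ISA Server configuration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "allow" or "deny"
    proto: str    # "tcp" or "udp"
    ports: range  # destination ports the rule covers


# Assumed model: ordered rules, first match wins, unmatched traffic is denied.
POLICY = [
    Rule("Block Windows Messenger file transfer", "deny", "tcp", range(6891, 6901)),
    Rule("Allow Messenger sign-in and chat", "allow", "tcp", range(1863, 1864)),
]

# Constructed flows (client, purpose, proto, destination port), following
# the ports named in the article.
FLOWS = [
    ("Windows Messenger", "sign-in", "tcp", 1863),
    ("Windows Messenger", "file transfer", "tcp", 6891),
    ("Windows Messenger", "file transfer", "tcp", 6900),
    ("MSN Messenger", "sign-in", "tcp", 1863),
    ("MSN Messenger", "file transfer", "tcp", 1863),
]


def evaluate(policy, proto, port):
    """Return (action, rule name) for one outbound connection."""
    for rule in policy:
        if rule.proto == proto and port in rule.ports:
            return rule.action, rule.name
    return "deny", "default deny"


def file_transfers_allowed(policy, flows):
    """Clients whose file-transfer flows still pass the port policy."""
    return sorted({client for client, purpose, proto, port in flows
                   if purpose == "file transfer"
                   and evaluate(policy, proto, port)[0] == "allow"})


if __name__ == "__main__":
    for client, purpose, proto, port in FLOWS:
        action, rule = evaluate(POLICY, proto, port)
        print(f"{client:18} {purpose:14} {proto}/{port:<5} -> {action} ({rule})")
    # A port filter cannot tell chat from file transfer on TCP 1863, so the
    # MSN Messenger client itself has to be disallowed.
    print("File transfer still possible for:", file_transfers_allowed(POLICY, FLOWS))
```
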
Let's set up an experiment to see how to configure it.
I. Network Structure
II. Experiment steps
Step 1: Set up a DNS server
Step 2: Upgrade the DC and create an Active Directory environment
Step 3: Create domain users and groups
Step 4: Add the ISA server and the client to the domain
Step 5: Install ISA Server 2004 Standard Edition, then install the Service Pack 1 patch package
Step 6: Configure the ISA Server
Step 7: Configure firewall policies
Step 8: Test
3. Disable MSN Messenger
1. Configuration steps
2. Test
3. Further test
4. Check whether the client uses MSN Messenger
Summary
I. Network Structure
1. Network Structure
2. Structure Description
(1) DC and DNS
Operating System: Windows Server 2003 SP1
IP: 192.168.6.11/24
Gateway: 192.168.6.16
DNS: 192.168.6.11
Domain Name: test.net
(2) ISA Server
Operating System: Windows Server 2003 SP1
Intranet NIC IP address: 192.168.6.16/24
Intranet Gateway: None
DNS: 192.168.6.11
(3) Client
Operating System: Windows 2000 Professional SP4
IP: 192.168.6.21/24
Gateway: 192.168.6.16
DNS: 192.168.6.11
The client is configured as a Firewall Client.
II. Experiment steps
This article touches on some DNS server and AD (Active Directory) configuration; the specific procedures are omitted. The domain environment is used only because my enterprise network requires it; it is not otherwise required.
Step 1: Set up a DNS server.
Step 2: Upgrade the DC to create an Active Directory environment.
Step 3: Create domain users and groups.
1. Create user groups for the test domain:
(1) Web browsing group
(2) MSN Group
(3) Contact List
2. Create a test domain user account:
(1) test1: add to the Web browsing group, the MSN group, and the contact group.
(2) Test2: add to the unlimited Internet group.
Step 4: Add the ISA server and the client to the domain.
Step 5: Install ISA Server 2004 Standard Edition, then install the Service Pack 1 patch package.