Blocking messenger services is difficult but not impossible. The newer messenger applications have been designed to thwart firewalls and other security by searching for an open port OR using the standard HTTP port 80. Most company's have enforced Internet use by blocking all outbound traffic and using a proxy device for connection to the Internet.
A proxy device you say? Yes, a proxy between the internal and external networks that allows you to control who has access to the Internet and what they can see. The proxy can be transparent where the user does not have to enter anything, or you could require a password for each person. In any event, the proxy allows you to track what each port is used for, plus you could block certain IP traffic, IP addresses or additional ports. Simple reporting would allow you to find who is attempting these processes and stop them.
I would recommend implementing an "acceptable use policy" within your company prior to starting punitive action, otherwise you will have no company documentation to support your findings.
Finally, if you don't want to implement a proxy, I hope you have some type of content checking in place. Open/free access to the Internet from any desktop leaves a huge hole open to the internal private networks that could leave your company open to hackers or malicious code. Install some protective measures for the sake to the company.
For more information on this topic, visit these other SearchSecurity.com resources:
News & Analysis: IM putting enterprises at risk to viruses, attack
Web Security Tip: Prevent hackers from sneaking in through IM
Best Web Links: Infrastructure & network security
For news, advice and other information about application security, click here.
This was first published in July 2002