Instant Messenger and peer-to-peer (P2P) data transfer applications can be a powerful business tool. They can also be a terrible security, and confidentiality hole, if staff are allowed to use them too freely. IM Guardian is a tool that enables the system manager to control the use of these applications within the enterprise without simply blocking all access at the firewall.

IM Guardian runs on a Red Hat Linux 9 machine and is a "lollipop" device – that is, it sits and watches traffic flying past and blocks it by sending connection-teardown messages instead of sitting in-line with the Internet connection and thus getting in the way of all the traffic going in and out of the enterprise. We've always liked this idea ever since AbirNet started the ball rolling with SessionWall-3 (now part of CA's portfolio) and it's disappointing that other products don't do the same.

Although the work is done on the Linux server, you can manage the system from anywhere as the admin interface works through a Web browser. The screens take the usual form of a menu down the left hand side and the item detail in the main pane to the right. The system has two modes – discovery (where it just sits and watches what's going on) and policy enforcement (where it can block the types of traffic you don't want to see). Typically, you'd let the unit watch the network for a while and then you'd use the information it has recorded to decide what your IM policy will be.

Policy management
The various system parameters are split into two sections: IM policies (which includes AIM, MSN Messenger and Yahoo Messenger) and P2P policies (which is split into applications that use the FastTrack, Gnutella and MFTP protocols). For P2P protocols you can simply define IP addresses and ranges that are permitted to use P2P, and choose whether to block any, or all, of the three types of transfer protocol. For IM protocols you get the same choices as P2P but with the option of whether to permit either file transfers or direct peer-to-peer connections (or both, or neither).

As time goes by, the server enforces the policies and keeps a log of overall traffic and statistics regarding what it's allowed through and what it's blocked. It's worth noting at this point that although it'll list the IP addresses from which it's seen transmissions, along with the number of messages sent, the IM user ID in use, and various other statistical information, it doesn't give the actual text of the messages nor the names of any files that have been transferred. This is a sad omission, in our opinion. We would have liked to see a system with the ability to log the entire conversation, though in fairness, if you use IM as a serious business tool you'd probably implement your own private server (with the logging options turned on) instead of using the public network.

The reporting side of the system is split into two report types: statistics regarding the usage of the network and the various IM/P2P protocols, and information regarding what's been allowed through or blocked. Statistical stuff is available as totals, or by day, or by hour, and is broken down into both the number of messages sent and the number of bytes transferred.

The system settings part of the control panel is short and to the point. It's here that you can switch between the discovery and policy enforcement modes, change the admin password for the Web interface, set the timezone and time format, and tell the package to download an upgrade from FaceTime's server, if one's available.

IM Guardian is a useful package that allows you to control instant messenger applications sensibly rather than unilaterally. It's a shame there isn't more detailed logging of individual conversations but that aside it's well worth considering as a tool for managing the interaction between your staff and the outside world.


This type of "lollipop" device needs to be able to see traffic flying down the Internet connection, so it will have to be connected via a shared media hub or the mirror port of an appropriately equipped switch.