Skip to main content

How to Block Instant Messaging Apps Using Zenarmor

Published on:
.
4 min read
.
For German Version

Instant Messaging (IM) applications have become an integral part of daily communication, allowing users to send messages, share media, and even conduct voice and video calls instantly. While these applications provide convenience, they can pose significant challenges in corporate, educational, and secure network environments.

By using Zenarmor, administrators can enforce policies to block these applications entirely or selectively, depending on the organization's needs.

In this tutorial, we will explain how you can easily block all instant messaging application categories or specific instant messaging applications, like WhatsApp, Telegram, and Skype, individually using Zenarmor on your network.

Get Started with Zenarmor Today For Free

What are the Most Common Instant Messaging Applications?

There are numerous IM applications used worldwide, but some of the most widely adopted ones are as follows.

  • WhatsApp: One of the most popular messaging apps, used for personal and business communication.
  • Telegram: Known for its focus on privacy and large group messaging capabilities.
  • Skype: Frequently used for business calls and video conferencing.
  • Facebook Messenger: Integrated with Facebook, widely used for personal and business chats.
  • Google Chat: Used within Google Workspace for team collaboration.
  • Yahoo Messenger: A legacy messaging service still in use by some organizations.

These platforms facilitate instant communication but also come with security and productivity risks that may necessitate restrictions.

Why Block Instant Messaging Applications?

Blocking IM applications may be necessary for several reasons, both from a security and social standpoint.

Security Risks

Instant messaging applications can introduce significant security vulnerabilities to a network. Whether through unintentional data leaks or targeted cyberattacks, allowing unrestricted IM usage can compromise sensitive information and overall network security.

  • Data Leakage: IM apps can be used to share sensitive company or institutional data, increasing the risk of data breaches.
  • Malware & Phishing Attacks: Many IM services are targeted by phishing campaigns and malware distribution.
  • Bypassing Security Measures: Some IM applications use encrypted connections or alternative protocols (like Quic UDP) to bypass traditional security controls.
  • Shadow IT Concerns: Employees using unauthorized IM apps for work communication may introduce vulnerabilities into the network.

Productivity Concerns

Beyond security risks, IM applications can negatively impact workplace efficiency. Unregulated use of these platforms can lead to distractions, increased bandwidth consumption, and a lack of oversight in corporate communications.

  • Workplace Distractions: Excessive use of IM apps during working hours can reduce productivity.
  • Unmonitored Communication: Unauthorized communication channels can lead to compliance issues, especially in regulated industries.
  • Bandwidth Consumption: Video calls and media sharing in IM apps consume network bandwidth, affecting critical business applications.
  • Loss of Control Over Communication: Companies may struggle to monitor or archive conversations, which is essential for legal or regulatory compliance.
Get Started with Zenarmor Today For Free

Blocking Instant Messaging Apps Using Zenarmor

Zenarmor provides a powerful and flexible way to control network traffic, including the ability to block Instant Messaging (IM) applications. Whether you want to prevent all IM applications from being accessed on your network or selectively block certain ones, Zenarmor allows administrators to apply policies that align with security and productivity requirements. This ensures that unauthorized communication is restricted, sensitive data is protected, and workplace efficiency is maintained.

Setting Up Zenarmor for Blocking Instant Messaging Application Category Entirely

Zenarmor offers predefined application categories, including "Instant Messaging", which can be blocked entirely. After installing Zenarmor on your BSD-based or Linux-based gateway and completing the initial configuration, you can easily block threats and protect your users by following these steps.

  1. Log in to the Zenarmor Dashboard.

  2. Navigate to the Policies page on your Zenarmor node.

    Figure 1. Policies Page

  3. Click on the policy name, such as Default, that you want to configure. This will open the policy configuration window on the right side of the page.

  4. Navigate to the App Controls tab on the policy configuration page.

    Figure 2. Default Policy – App Controls

  5. Search for "Instant Messaging". You can find the "Instant Messaging" category by scrolling through the list, or you can simply use the search bar to locate it quickly.

    Figure 3. Search for Instant Messaging Category

  6. Click on the toggle bar under the Status column to Block the Instant Messaging application category.

    Figure 4. Blocking Instant Messaging App Category

  7. Click Apply Changes to activate the settings.

    Figure 5. Applying Changes

Testing and Validating the Block

Once the blocking process is complete, you may follow verification steps to ensure that the applications are indeed restricted. Checking whether users can still access IM services and analyzing reports helps confirm network security and policy effectiveness.

  1. On a VM in your lab environment, open a web browser.

  2. Attempt to access the blocked instant messaging apps from a test machine. Let’s try to access Telegram web.

  3. The browser should display a security warning or a "This page is blocked!" message, indicating the connection was blocked. Since the entire category is blocked, the 'Reason' section on this page displays 'Instant Messaging category access' as the blocking reason.

    Figure 6. Telegram is Successfully Blocked

  4. Use Reports Charts to monitor blocked IM-related traffic. Navigate to the Reports page on your Zenarmor node.

    Figure 8. Reports Page

  5. You may see the traffic overview of running applications on App Categories Breakdown and Apps Breakdown charts.

    Figure 9. Viewing App Categories Breakdown and Apps Breakdown Charts

  6. You may apply a filter for the blocked app sessions, such as Telegram for our example. Hover your mouse over the Telegram on the Apps Breakdown chart.

  7. Click Filter button. This will automatically apply the filter to the charts.

    Figure 10. Applying Filter on Apps Breakdown Chart

  8. Check Live Sessions to confirm that the traffic is successfully being denied.

    Figure 11. Viewing Live Sessions for Blocked App

  9. By selecting the magnifying glass icon, you can access more comprehensive details.

    Figure 12. Viewing Live Sessions Details

Blocking WhatsApp/Telegram/Skype IM Applications

If you need to block only selected IM applications instead of the entire application category, Zenarmor allows granular control over individual applications.

  1. Navigate to the Policies page on your Zenarmor node.

  2. Click on the policy name, such as Default, that you want to configure. This will open the policy configuration window on the right side of the page.

  3. Navigate to the App Controls tab on the policy configuration page.

  4. Search for "Instant Messaging". You can find the "Instant Messaging" category by scrolling through the list, or you can simply use the search bar to locate it quickly.

  5. There are more than 70 applications under this category, and by clicking on 'Instant Messaging', you can view the detailed list of these applications. You can either browse through this list to select the application you want to block or use the search bar to find it directly.

    Figure 13. Instant Messaging Apps List

  6. Search for the applications you want to block. Let’s use the search bar to block Telegram.

    Figure 14. Blocking App Individually

  7. Or you may browse through this list to select the applications you want to block. You can block multiple applications at once by toggling their switches. For example, in the images, Facebook Chat, Facebook Messenger, Facebook Video Call, Google Chat, Skype, Skype for Business (Lync), WhatsApp, WhatsApp Web, Yahoo Messenger, and Telegram have been blocked simultaneously.

    Figure 15. Blocking Facebook Chat and Google Chat

    Figure 16. Blocking Skype, Whatsapp and Yahoo Messenger

  8. Click Apply Changes to apply the settings.

Testing and Validating the Block

Ensure the block is effective by verifying IM access restrictions and analyzing reports for security and policy compliance.

  1. Attempt to access blocked services like WhatsApp, Whatsapp Web, Telegram, Skype, Google Chat, Yahoo Messenger, or Skype.

  2. The browser should display a security warning or a 'This page is blocked!' message, indicating the connection was blocked. Additionally, when checking the 'Reason' section on this page, you can see that the blocking reason varies for each application."

    Figure 17. Landing Page for Blocking Whatsapp Web

    Figure 18. Blocking Google Chat

    Figure 19. Blocking Skype

  3. Use Reports Charts to monitor blocked IM-related traffic. Navigate to the Reports page on your Zenarmor node.

  4. You may see the traffic overview of running applications on App Categories Breakdown and Apps Breakdown charts.

    Figure 20. Viewing App Categories Breakdown and Apps Breakdown Charts

  5. You may apply a filter for the blocked app sessions, such as Whatsapp Web for our example. Hover your mouse over the Whatsapp Web on the Apps Breakdown chart. We used this example to keep the explanation concise, but you can examine other blocked applications in the same way.

  6. Click Filter button. This will automatically apply the filter to the charts.

    Figure 21. Applying Filter on Apps Breakdown Chart

  7. Use Live Sessions and filter for Blocked traffic to ensure enforcement.

    Figure 22. Viewing Live Sessions for Blocked App

  8. By selecting the magnifying glass icon, you can access more comprehensive details.

    Figure 23. Viewing Live Sessions Details

Handling QUIC UDP Connections

Some IM applications, such as WhatsApp and Facebook Messenger, use a special communication protocol called QUIC UDP. This protocol is designed to make connections faster and more efficient, but it can bypass traditional filtering methods. Even if you block an IM application, it may still work because of QUIC UDP.

To ensure that these applications are completely blocked, you should disable QUIC UDP connections.

By blocking QUIC UDP, you prevent IM applications from using alternative network paths, ensuring that your restrictions are fully effective.

  1. In Zenarmor Dashboard, navigate to Policies.

  2. Click on the policy name, such as Default, that you want to configure. This will open the policy configuration window on the right side of the page.

  3. Go to App Controls.

  4. Search for "Quic UDP Connection" and enable Blocked.

    Figure 24. Search for Quic UDP Connection

  5. Click Apply changes.

  6. Verify via Live Sessions to ensure no traffic is bypassing the block.

    Figure 25. Viewing Live Sessions to Verify Block

Conclusion

By following this guide, you can effectively block instant messaging applications using Zenarmor. Whether restricting the entire category or targeting specific apps, Zenarmor provides the flexibility needed for robust network control. Always verify the changes using Live Sessions and Reports Charts to ensure successful enforcement.

Get Started with Zenarmor Today For Free
Last updated on by Zenarmor