How to stop KIK Messenger working through a Smoothwall

Article #: Product Castle
KB-188 Guardian Any

Summary

KIK Messenger is a popular messaging application available for Android & iOS, enabling (mostly) teens to chat freely and quickly to each other.

Problem

There are Many reported cases of people using the KIK messaging application to groom teens as it allows chatting to anyone who adds your username.

Solution

Option 1:

Set up a Firewall Rule under Network > Firewall > Firewall Rules. Hover over the relevant firewall section and click Add rule.

Select the correct inbound, outbound and destination addresses, then under the services box click Create. Ensure the New service radio button is selected. In Name, call it it KIK or something memorable.

Select TCP in Protocol, and set Port to 5222:5223. Set the Action to Reject.

KIK Messenger on the iOS and Android platform uses TCP port 5222 and 5223. Setting up a firewall rule to reject traffic from these ports and also setting up a web filter policy to block Instant Messaging category will block KIK from being used, but may also block other services like Google Hangouts that use those ports.

Option 2:

Without using firewall rules you can block the category via: Guardian > Web Filter > Policy Wizard. Set up a policy to Block Instant Messaging, VOIP and Web Conferencing.

This will block the majority of traffic that KIK uses but there is a chance it will allow some through, so you will need to make sure Web Proxy Authentication settings are correct.

Go to the Web Proxy > Authentication > Manage Policies > Transparent Authentication policies and then set the parent rule to Block HTTPS traffic with no SNI header, and the child rule to Allow Transparent HTTPS Incompatible Sites. This will drop the traffic from KIK when it connects as it does not have an SNI header.

Option 3:

Applying a Decrypt and Inspect policy will also cause KIK to stop working as it seems to use certificate pinning. To do so go to Guardian > HTTPS Inspection > Manage Policies and make sure KIK is being categorised under a Decrypt and Inspect policy

Attribution:

Last updated: Author: Contributions by:
01 September 2017 Patrick Gleeson Suzanne Knight