THE SECURITY IMPLICATIONS OF INSTANT MESSAGING
Instant messaging (IM) is rapidly becoming one of the most popular applications on the Internet, surpassing even the World Wide Web. Several of the hottest IM systems right now are AOL Instant Messenger (AIM), MSN Messenger, and ICQ, which is also owned by AOL. Each of these systems comes with its own system-specific client program for various operating systems.
There are a considerable number of other IM clients, and many of them are
compatible with two or more of the aforementioned IM systems. In general, IM
almost completely lacks coordinated interoperability between systems. Each IM
protocol is used as leverage by the particular company that manages the
service. Almost none of the services provide any technical details as to how
they work, with the exception of AOL, which changed its IM protocol when it
realized the value of its property.
Over the past few years, this resulted in several well-publicized "lockouts"
by AOL against MSN and Yahoo! IM clients. Although this situation has been
somewhat resolved, it's still questionable to function with a mix of IM client
programs. If IM is being used company-wide, definitely standardize on one IM
client.
BE WISE--BE SECURE
The central function of IM is to allow people to instantly send text messages
to one another. However, the "instant" aspect of this equation raises some
serious security implications for companies. As the use of IM continues to
increase, companies need to start putting policies in place that address this
very issue.
Any company that is operating without an audit trail on computer communications
of this type is putting itself at risk. Instant messaging usually relies on
authentication with a central server on the Internet in order to establish
a session.
The problem with this is the transmission of username and password information
across the Internet. Although weak encryption is used for authentication purposes
to a degree, the actual data usually isn't encrypted. IM conversations are
often managed by a central IM server that is on the Internet, which means
that this service can be interrupted due to network problems outside of a
company's control. Routing conversations through a central server also implies
that it's possible for a conversation to be monitored at some point.
All major IM services (AOL, MSN Messenger, and ICQ) and commercial firewall
products support SOCKS5, which should be used to secure IM traffic. In my
opinion, the most serious problem with using IM in the workplace is that companies
need to be aware that files can be transmitted directly between two IM clients.
This feature can bypass network-wide file scanning software and result in
a virus or worm getting directly to a computer from behind a firewall.
The good news: The file transfer feature can be disabled or modified to support
virus scanning.
The not-so-good news: Disabling file transfer or implementing virus scanning
of file transfers needs to be done at the PC level rather than using a centralized
network virus scanner.
This means that a user could re-enable the file transfer feature even if
it had been previously disabled. While IM definitely has its merits, it's
imperative for companies to comprehend that "instant" can translate into instant
headaches.
Unless IM traffic is secured, it's technically wide open for communication
monitoring and interception.
The most disturbing IM security risk by far is that the majority of people
using IM programs are unaware of the security implications of using IM file
transfer. Once again, this is a critical problem because it bypasses a company's
ability to protect its network using a network-wide virus scanning system
on a firewall.