IM at Work
IM at Work
By: David Geer
Sep. 23, 2003 04:01 PM
IM (instant messaging) for the enterprise is being touted as something new. Don't you believe it. I recall using ICQ Corporate at an ISP in Cleveland in 1998. Is it news because Wall Street is starting to take it seriously? You bet!
Today, serious broadband speeds are omnipresent in the enterprise. Broadband delivers "instant," and everybody loves instant, not just the enterprise (anyone notice the markets that sprouted from TV dinners?). Instantaneous data delivery facilitates the most desirable instant of all instant communication, or IM.
Instant communication everywhere, all the time is a definite advantage for an ever more mobile workforce. But then comes the rub, er, hack. Peer-to-peer applications like IM are prone to security issues. Veteran IM provider Yahoo! recently discovered a buffer overflow vulnerability in both its IM and chat programs. We've seen holes by the same name patched repeatedly in other software only to see them reappear. Suddenly we realize that we're in for the same ride with IM client software.
Like 802.11 hotspots, IM "proliferates in homes and offices faster than it can be secured," says Gary Morse, president, Razorpoint Security Technologies. When you leave port 5190 closed you don't expect trouble (see sidebar). When you open it to IM traffic, unless you analyze and secure this traffic, you have opened a door to hackers, whose computers are often set up to perform automated scans of IP address ranges in search of ports to exploit. Until we have experience analyzing port 5190 like we do port 80 (Web surfing), we will be learning as we go, perhaps the hard way, upon being the victims of intrusions ourselves.
As with other holes, once access is attained, hackers can reach other systems, set up accounts, and ransack the company's data. How do you protect IM traffic? "Application intelligence products [intrusion detection] look deeper into the traffic before it goes through the specified port numbers to see if it really is instant messaging," says Morse.
"One of the things we recommend is to either limit the use of IM with a product that keeps most of the traffic inside your network [good!], or to install and maintain one of the application intelligence systems that looks more closely at the packets going through to ensure it is only IM traffic and not next quarter's financial reports," says Morse.
Razorpoint also recommends security design reviews before rolling out massive new systems like IM. This includes assistance with the actual architectural design of the system.
Proliferation Speed = Exploitation Ease
What Would Razorpoint Have Done for Yahoo!?
IM Security Direct, Simple Solutions
"While IM is a great convenience, it can be a security nightmare. At the very least, companies have to make sure that IM doesn't go in or out of the firewall. IM allows for everything security efforts try to plug up. It allows file transfers in and out. It compromises personal privacy by letting people know where they are in theory.
Companies interested in using IM should purchase a more secure version of the software if they believe the benefits of IM outweigh the security issues. If companies don't want to pay for a commercial version, then they clearly don't think there will be a strong enough benefit."
If you don't want it bad enough to pay for it, you don't really want it. That makes sense. Even more quick, slick, and sensible is the solution that doesn't poke holes in your firewall. Pay for secure IM and keep it on the network, inside the firewall, and you don't need to open ports, perform intrusion detection on those ports, study the traffic, or anything like that. DG
Reader Feedback: Page 1 of 1
Latest Cloud Developer Stories
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
SYS-CON Featured Whitepapers
Most Read This Week